TLS Bleichenbacher Attack Vulnerability

A flaw in how a Transport Layer Security (TLS) implementation handles RSA-encrypted key exchange can leave it open to a Bleichenbacher-style padding-oracle attack.

Implementations of RFC 5246 that handle PKCS#1 v1.5 padding errors carelessly can reveal whether a decrypted ClientKeyExchange message was correctly padded, for example through a different TLS alert, a different error message or a measurably different response time. That distinction between valid and invalid messages is an oracle: by submitting many adaptively chosen ciphertexts derived from a recorded handshake, an attacker can recover the premaster secret of that session (the 48-byte value the client encrypted under the server's public key, not the server's private RSA key), derive the session keys from it and decrypt the captured TLS traffic. The attacker needs no credentials, only network access to the server and a copy of the traffic.

In 1998, Daniel Bleichenbacher showed that the error messages SSL servers returned for PKCS #1 v1.5 padding errors allowed an adaptive chosen-ciphertext attack, which fully breaks the confidentiality of TLS sessions that use RSA key exchange. RFC 5246 specifies a countermeasure (treat a badly padded premaster secret exactly like a good one and let the handshake fail later, at the Finished message), but later researchers found that, with slight variations on the original technique, the attack still works against many HTTPS hosts on today's Internet because stacks apply the countermeasure inconsistently across their error paths.
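The following is an added worked example, not code from the original post: a self-contained Python simulation of the padding oracle described above, the RFC 5246 countermeasure beside it, and Bleichenbacher's adaptive chosen-ciphertext attack run against the leaky version to recover the premaster secret. It assumes a constructed toy RSA key (the primes 2^61 - 1 and 2^64 - 59, far too small for real use) and a 5-byte stand-in for the 48-byte premaster secret so the attack finishes in seconds; the names `vulnerable_server`, `hardened_server`, `bleichenbacher` and `demo` are this example's own.

```python
"""Toy Bleichenbacher padding-oracle attack on PKCS#1 v1.5 RSA key exchange, beside the RFC 5246
section 7.4.7.1 countermeasure. Constructed example: a 125-bit modulus and a 5-byte "premaster"."""
import os
import random

# Toy RSA key (constructed; assumed primes M61 and 2^64-59). Never use keys this small.
P, Q, E = (1 << 61) - 1, (1 << 64) - 59, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))
assert pow(pow(2, E, N), D, N) == 2        # key self-test: decrypt(encrypt(2)) == 2
K = (N.bit_length() + 7) // 8              # RSA block size in bytes (16)
CLIENT_VERSION = b"\x03\x03"               # TLS 1.2 version bytes that open the premaster
PM_LEN = K - 11                            # largest message PKCS#1 v1.5 can carry here (5 bytes)

def pkcs1_v15_pad(msg: bytes, rng: random.Random) -> bytes:
    """00 02 <at least 8 non-zero bytes> 00 <msg> (PKCS#1 v1.5 block type 2)."""
    ps = bytes(rng.randrange(1, 256) for _ in range(K - 3 - len(msg)))
    return b"\x00\x02" + ps + b"\x00" + msg

def rsa_encrypt(em: bytes) -> int:
    return pow(int.from_bytes(em, "big"), E, N)

def vulnerable_server(c: int) -> str:
    """Leaky ClientKeyExchange handling: a different alert for each failure."""
    em = pow(c, D, N).to_bytes(K, "big")
    if em[:2] != b"\x00\x02":
        return "bad_block_type"            # this distinction is the oracle
    sep = em.find(b"\x00", 2)
    if sep < 10:                           # no separator, or fewer than 8 padding bytes
        return "bad_padding"
    pm = em[sep + 1:]
    if len(pm) != PM_LEN or pm[:2] != CLIENT_VERSION:
        return "bad_premaster"
    return "ok"

def hardened_server(c: int) -> str:
    """RFC 5246 countermeasure: draw a random premaster first, keep the decrypted one only if every
    check passes, and continue identically either way. A wrong premaster surfaces later as a
    Finished-MAC failure that looks the same for every cause (checks must also be constant-time)."""
    pm = os.urandom(PM_LEN)
    em = pow(c, D, N).to_bytes(K, "big")
    sep = em.find(b"\x00", 2)
    if (em[:2] == b"\x00\x02" and sep >= 10 and K - sep - 1 == PM_LEN
            and em[sep + 1:sep + 3] == CLIENT_VERSION):
        pm = em[sep + 1:]
    return "continue_handshake"            # session keys are derived from pm; nothing else is reported

def ceil_div(a: int, b: int) -> int:
    return -(-a // b)

def bleichenbacher(c: int, oracle) -> tuple:
    """Recover m = c^d mod N using only the oracle; returns (m, query count). Steps follow
    Bleichenbacher (1998); c is a real ClientKeyExchange, already conforming, so step 1 is skipped."""
    B = 1 << (8 * (K - 2))                 # conforming plaintexts lie in [2B, 3B)
    queries = 0
    def conforming(s: int) -> bool:
        nonlocal queries
        queries += 1
        return oracle(c * pow(s, E, N) % N)   # RSA is multiplicative: this is the encryption of s*m

    M = [(2 * B, 3 * B - 1)]
    s = ceil_div(N, 3 * B)                 # step 2a: smallest s worth trying
    while not conforming(s):
        s += 1
    while True:
        new_M = set()                      # step 3: narrow every candidate interval
        for a, b in M:
            for r in range(ceil_div(a * s - 3 * B + 1, N), (b * s - 2 * B) // N + 1):
                lo, hi = max(a, ceil_div(2 * B + r * N, s)), min(b, (3 * B - 1 + r * N) // s)
                if lo <= hi:
                    new_M.add((lo, hi))
        M = sorted(new_M)
        if len(M) == 1 and M[0][0] == M[0][1]:   # step 4: a single value remains
            return M[0][0], queries
        if len(M) > 1:                     # step 2b: several intervals, search s linearly
            s += 1
            while not conforming(s):
                s += 1
            continue
        a, b = M[0]                        # step 2c: one interval, roughly halve it per round
        r = ceil_div(2 * (b * s - 2 * B), N)
        while True:
            s_lo, s_hi = ceil_div(2 * B + r * N, b), (3 * B - 1 + r * N) // a
            hit = next((t for t in range(s_lo, s_hi + 1) if conforming(t)), None)
            if hit is not None:
                s = hit
                break
            r += 1

def demo(seed: int = 7) -> tuple:
    """Encrypt a premaster as a client would, then recover it through the leaky server."""
    rng = random.Random(seed)              # fixed seed: the run is reproducible
    premaster = CLIENT_VERSION + bytes(rng.randrange(256) for _ in range(PM_LEN - 2))
    c = rsa_encrypt(pkcs1_v15_pad(premaster, rng))
    oracle = lambda ct: vulnerable_server(ct) != "bad_block_type"   # all the attacker needs
    m, queries = bleichenbacher(c, oracle)
    em = m.to_bytes(K, "big")
    return premaster, em[em.find(b"\x00", 2) + 1:], queries

if __name__ == "__main__":
    pm, recovered, q = demo()
    print(f"premaster {pm.hex()} recovered {recovered.hex()} after {q} oracle queries")
```

Run it directly to see the recovered premaster and the number of oracle queries it took. The attacker never sees a private key: it only classifies each response as "bad_block_type" or anything else, which is exactly the kind of distinction a leaky alert, error string or timing difference provides. The hardened server still decrypts a bad ciphertext, but substitutes a random premaster and returns the same result on every path, so the classifier has nothing to key on; in a real stack the branches must also take the same time, otherwise timing becomes the oracle.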

Affected Platforms – Any TLS server implementation that offers RSA key exchange (the TLS_RSA_* cipher suites) and does not apply the RFC 5246 countermeasure consistently on every decryption-failure path.

Resolution – Disable the RSA key-exchange cipher suites (TLS_RSA_*; in OpenSSL cipher strings these are the kRSA group, so appending !kRSA to a cipher list removes them) in favour of ECDHE or DHE suites, which are not affected and add forward secrecy, and apply vendor patches for any TLS stack you cannot reconfigure. TLS 1.3 drops RSA key exchange altogether. The weakness is RSA encryption of the premaster secret, not RSA certificates: an RSA certificate used with ECDHE key exchange is not affected, provided every server holding that private key has RSA key exchange disabled.


Duncan Newell

Duncan is a technology professional with over 20 years' experience of working in various IT roles. He has an interest in cyber security, and has a wide range of other skills in radio, electronics and telecommunications.
