An error in the way a Transport Layer Security (TLS) implementation handles RSA encryption may leave it vulnerable to a Bleichenbacher-style attack.
Poor implementations of the RFC 5246 standard may leak information when handling PKCS#1 padding errors. These errors may allow an attacker to distinguish valid from invalid messages, and could be used to recover the RSA-encrypted pre-master secret (from which the TLS session keys are derived). That secret could then be used by a remote, unauthenticated attacker to decrypt TLS traffic.
In 1998, Daniel Bleichenbacher discovered that the error messages given by SSL servers for errors in the PKCS #1 v1.5 padding allowed an adaptive chosen-ciphertext attack; this attack fully breaks the confidentiality of TLS when used with RSA encryption. Later research showed that, with some slight variations, this vulnerability can still be used against many HTTPS hosts on today's Internet.
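To make the oracle concrete, the following added example (not code from the original advisory) models the server side of the TLS 1.2 RSA key exchange twice: a leaky variant that reports padding and version failures with different alerts, and a variant following the RFC 5246 section 7.4.7.1 countermeasure, which substitutes a random pre-master secret on any failure so that every failure looks the same on the wire. The RSA key is a constructed toy key built from two Mersenne primes so the code runs offline; it is not secure and nothing here is taken from a real TLS stack.

```python
import os

# Constructed toy RSA key built from two publicly known Mersenne primes. It is NOT secure
# and exists only so this example runs offline without a crypto library.
P = (1 << 127) - 1
Q = (1 << 521) - 1
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))
K = (N.bit_length() + 7) // 8            # modulus length in bytes (81)

def client_key_exchange(pms: bytes) -> bytes:
    """What a TLS client sends: PKCS#1 v1.5 type-2 encryption of the 48-byte pre-master secret."""
    ps = bytes(b or 1 for b in os.urandom(K - 3 - len(pms)))   # random non-zero padding string
    em = b"\x00\x02" + ps + b"\x00" + pms
    return pow(int.from_bytes(em, "big"), E, N).to_bytes(K, "big")

def _raw_decrypt(ct: bytes) -> bytes:
    return pow(int.from_bytes(ct, "big"), D, N).to_bytes(K, "big")

def leaky_decrypt(ct: bytes, client_version: bytes) -> bytes:
    """Vulnerable pattern: bad padding and a bad version fail with different alerts.
    Those distinguishable responses are exactly the oracle Bleichenbacher's attack needs."""
    em = _raw_decrypt(ct)
    sep = em.find(b"\x00", 2)            # first zero after the 00 02 header ends the padding
    if em[:2] != b"\x00\x02" or sep < 10:
        raise ValueError("decrypt_error: bad PKCS#1 padding")
    pms = em[sep + 1:]
    if len(pms) != 48 or pms[:2] != client_version:
        raise ValueError("handshake_failure: bad pre-master secret")
    return pms

def hardened_decrypt(ct: bytes, client_version: bytes) -> bytes:
    """RFC 5246 section 7.4.7.1: never reveal why decryption failed. Always yield a 48-byte
    secret; on any defect use client_version || 46 random bytes, so the handshake fails later
    (at Finished) with the same alert whatever the cause. Real code must also make the
    selection below constant-time; Python cannot guarantee that."""
    r = os.urandom(46)                   # drawn before decryption, as the RFC specifies
    em = _raw_decrypt(ct)
    padding_ok = em[:2] == b"\x00\x02" and em.find(b"\x00", 2) == K - 49
    pms = em[K - 48:] if padding_ok else client_version + r
    return client_version + pms[2:]      # version bytes are replaced, never checked

def wire_response(decrypt, ct: bytes, client_version: bytes) -> str:
    """What a network observer can distinguish from the server's reaction."""
    try:
        decrypt(ct, client_version)
        return "continue"
    except ValueError as alert:
        return str(alert)
```

With the hardened variant a tampered ClientKeyExchange and a wrong version byte both produce "continue" and a random-looking secret, which is what removes the oracle.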
Affected Platforms – Transport Layer Security protocol
Resolution – If possible, disable use of RSA encryption (RSA key exchange) with TLS and check for released vendor patches.