KB26562 - OpenSSL leaks the ECDSA private key via a remote timing attack

Information

Last Modified Date: 8/25/2015 8:48 AM

Synopsis

This article provides information about Juniper's possible vulnerability to the situation described in the following Vulnerability Note from the Software Engineering Institute (SEI) at Carnegie Mellon University:

Problem or Goal

A remote attacker can retrieve the private key of a TLS server that authenticates with ECDSA signatures and binary curves.

Cause

The elliptic curve cryptography (ECC) subsystem in OpenSSL 1.0.0d and earlier, when the Elliptic Curve Digital Signature Algorithm (ECDSA) is used for the ECDHE_ECDSA cipher suite, does not properly implement curves over binary fields, which makes it easier for context-dependent attackers to determine private keys via a timing attack and a lattice calculation.

For more information, see the following Common Vulnerabilities and Exposures (CVE) from the National Cyber Awareness System:

Among the vulnerable software and versions listed there is OpenSSL "1.0.0d and previous versions."

Solution

Juniper IVE supports Elliptic Curves ciphers in release 7.4 and above, as described in the following article:

FAQ 8: What are the OpenSSL versions used in vulnerable server and client components?
Server-Side:
Secure Access software versions 7.4R1 and 7.4R2 use OpenSSL version 1.0.1c; 7.4R3 and above use OpenSSL version 1.0.1e.
Secure Access software versions 8.0R1 to 8.0R3 use OpenSSL version 1.0.1e.

To avoid this potential vulnerability, use IVE 7.4R3 or above when using the ECDHE_ECDSA cipher suite with ECC certificates.
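A defender-side triage helper, added here as an illustration and not part of Juniper's article or of OpenSSL: it encodes the three conditions the advisory names (OpenSSL 1.0.0d or earlier, an ECDHE_ECDSA cipher suite, and an ECDSA certificate key on a binary-field curve) and parses OpenSSL's patch-letter version scheme so that a release such as 1.0.1c compares correctly against 1.0.0d. The curve-name prefixes and the sample inputs are assumptions chosen for the example.

```python
import re

# Affected range quoted by the advisory: OpenSSL "1.0.0d and previous versions".
LAST_AFFECTED_OPENSSL = "1.0.0d"

# Assumed spellings of binary-field (GF(2^m)) curve names as OpenSSL reports them:
# SEC "sect*", NIST "K-"/"B-", ANSI X9.62 "c2pnb"/"c2tnb". Prime-field curves
# (prime256v1, secp384r1, "P-256", ...) are outside the scope of this issue.
BINARY_CURVE_PREFIXES = ("sect", "K-", "B-", "c2pnb", "c2tnb")

_VERSION_RE = re.compile(r"^(?:OpenSSL\s+)?(\d+)\.(\d+)\.(\d+)([a-z]*)")


def parse_openssl_version(version):
    """Map '1.0.0d' to a comparable tuple (1, 0, 0, 4).

    OpenSSL 0.9.x to 1.1.x releases carry a patch letter; the unlettered
    release ('1.0.1') precedes '1.0.1a', so no letter maps to 0, and the
    two-letter suffix used after 'z' ('za') sorts after every single letter.
    """
    m = _VERSION_RE.match(version.strip())
    if not m:
        raise ValueError("unrecognised OpenSSL version: %r" % version)
    major, minor, fix, letters = m.groups()
    patch = 0
    for ch in letters:  # 'a' -> 1 ... 'z' -> 26, 'za' -> 677
        patch = patch * 26 + (ord(ch) - ord("a") + 1)
    return (int(major), int(minor), int(fix), patch)


def openssl_in_affected_range(version):
    """True when the build is 1.0.0d or earlier, compared component-wise."""
    return parse_openssl_version(version) <= parse_openssl_version(LAST_AFFECTED_OPENSSL)


def is_binary_curve(curve_name):
    """True for curves over GF(2^m); the timing issue applies only to these."""
    return curve_name.startswith(BINARY_CURVE_PREFIXES)


def assess_server(openssl_version, cipher_suite, cert_curve):
    """Combine the advisory's conditions: an affected OpenSSL build, ECDSA server
    authentication (ECDHE_ECDSA suite) and an ECDSA certificate key on a binary
    curve. Returns (affected, reason) for a constructed endpoint description."""
    if not openssl_in_affected_range(openssl_version):
        return (False, "OpenSSL newer than 1.0.0d")
    if "ECDSA" not in cipher_suite.upper():
        return (False, "server does not authenticate with ECDSA")
    if not is_binary_curve(cert_curve):
        return (False, "ECDSA key is on a prime-field curve")
    return (True, "binary-curve ECDSA on OpenSSL <= 1.0.0d; upgrade (IVE 7.4R3 or later)")
```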

Created By: Data Deployment