Vulnerability Name:
CVE-2005-1797 (CCN-21800)
Assigned:
2005-05-26
Published:
2005-05-26
Updated:
2008-09-05
Summary:
The design of Advanced Encryption Standard (AES), aka Rijndael, allows remote attackers to recover AES keys via timing attacks on S-box lookups, which are difficult to perform in constant time in AES implementations.
CVSS v3 Severity:
5.6 Medium
(CCN CVSS v3.1 Vector:
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
)
Exploitability Metrics:
Attack Vector (AV):
Network
Attack Complexity (AC):
High
Privileges Required (PR):
None
User Interaction (UI):
None
Scope:
Scope (S):
Unchanged
Impact Metrics:
Confidentiality (C):
Low
Integrity (I):
Low
Availibility (A):
Low
CVSS v2 Severity:
5.1 Medium
(CVSS v2 Vector:
AV:N/AC:H/Au:N/C:P/I:P/A:P
)
Exploitability Metrics:
Access Vector (AV):
Network
Access Complexity (AC):
High
Authentication (Au):
None
Impact Metrics:
Confidentiality (C):
Partial
Integrity (I):
Partial
Availibility (A):
Partial
5.1 Medium
(CCN CVSS v2 Vector:
AV:N/AC:H/Au:N/C:P/I:P/A:P
)
Exploitability Metrics:
Access Vector (AV):
Network
Access Complexity (AC):
High
Athentication (Au):
None
Impact Metrics:
Confidentiality (C):
Partial
Integrity (I):
Partial
Availibility (A):
Partial
Vulnerability Type:
CWE-Other
Vulnerability Consequences:
Obtain Information
References:
Source: CCN
Type: Daniel J Bernstein - computer science class project
Cache-timing attacks on AES
Source: MISC
Type: Vendor Advisory
http://cr.yp.to/antiforgery/cachetiming-20050414.pdf
Source: MITRE
Type: CNA
CVE-2005-1797
Source: CCN
Type: OSVDB ID: 20501
Advanced Encryption Standard (AES, aka Rijndael) S-box Lookup Timing Attack
Source: BID
Type: Vendor Advisory
13785
Source: CCN
Type: BID-13785
Advanced Encryption Standard Cache Timing Key Disclosure Vulnerability
Source: XF
Type: UNKNOWN
aes-timing-information-disclosure(21800)
Vulnerable Configuration:
Configuration 1
:
cpe:/a:openssl:openssl:0.9.1c:*:*:*:*:*:*:*
OR
cpe:/a:openssl:openssl:0.9.2b:*:*:*:*:*:*:*
OR
cpe:/a:openssl:openssl:0.9.3:*:*:*:*:*:*:*
OR
cpe:/a:openssl:openssl:0.9.4:*:*:*:*:*:*:*
OR
cpe:/a:openssl:openssl:0.9.5:*:*:*:*:*:*:*
OR
cpe:/a:openssl:openssl:0.9.5a:*:*:*:*:*:*:*
OR
cpe:/a:openssl:openssl:0.9.6:*:*:*:*:*:*:*
OR
cpe:/a:openssl:openssl:0.9.6a:*:*:*:*:*:*:*
OR
cpe:/a:openssl:openssl:0.9.6b:*:*:*:*:*:*:*
OR
cpe:/a:openssl:openssl:0.9.6c:*:*:*:*:*:*:*
OR
cpe:/a:openssl:openssl:0.9.6d:*:*:*:*:*:*:*
OR
cpe:/a:openssl:openssl:0.9.6e:*:*:*:*:*:*:*
OR
cpe:/a:openssl:openssl:0.9.6f:*:*:*:*:*:*:*
OR
cpe:/a:openssl:openssl:0.9.6g:*:*:*:*:*:*:*
OR
cpe:/a:openssl:openssl:0.9.6h:*:*:*:*:*:*:*
OR
cpe:/a:openssl:openssl:0.9.6i:*:*:*:*:*:*:*
OR
cpe:/a:openssl:openssl:0.9.6j:*:*:*:*:*:*:*
OR
cpe:/a:openssl:openssl:0.9.6k:*:*:*:*:*:*:*
OR
cpe:/a:openssl:openssl:0.9.6l:*:*:*:*:*:*:*
OR
cpe:/a:openssl:openssl:0.9.6m:*:*:*:*:*:*:*
OR
cpe:/a:openssl:openssl:0.9.7:*:*:*:*:*:*:*
OR
cpe:/a:openssl:openssl:0.9.7:beta1:*:*:*:*:*:*
OR
cpe:/a:openssl:openssl:0.9.7:beta2:*:*:*:*:*:*
OR
cpe:/a:openssl:openssl:0.9.7:beta3:*:*:*:*:*:*
OR
cpe:/a:openssl:openssl:0.9.7a:*:*:*:*:*:*:*
OR
cpe:/a:openssl:openssl:0.9.7b:*:*:*:*:*:*:*
OR
cpe:/a:openssl:openssl:0.9.7c:*:*:*:*:*:*:*
OR
cpe:/a:openssl:openssl:0.9.7d:*:*:*:*:*:*:*
Configuration CCN 1
:
cpe:/a:openssl:openssl:0.9.7a:*:*:*:*:*:*:*
OR
cpe:/a:openssl:openssl:0.9.6i:*:*:*:*:*:*:*
OR
cpe:/a:openssl:openssl:0.9.7:*:*:*:*:*:*:*
OR
cpe:/a:openssl:openssl:0.9.6k:*:*:*:*:*:*:*
OR
cpe:/a:openssl:openssl:0.9.6a:*:*:*:*:*:*:*
OR
cpe:/a:openssl:openssl:0.9.7b:*:*:*:*:*:*:*
OR
cpe:/a:openssl:openssl:0.9.7c:*:*:*:*:*:*:*
OR
cpe:/a:openssl:openssl:0.9.1c:*:*:*:*:*:*:*
OR
cpe:/a:openssl:openssl:0.9.2b:*:*:*:*:*:*:*
OR
cpe:/a:openssl:openssl:0.9.3:*:*:*:*:*:*:*
OR
cpe:/a:openssl:openssl:0.9.4:*:*:*:*:*:*:*
OR
cpe:/a:openssl:openssl:0.9.5:*:*:*:*:*:*:*
OR
cpe:/a:openssl:openssl:0.9.5a:*:*:*:*:*:*:*
OR
cpe:/a:openssl:openssl:0.9.6:*:*:*:*:*:*:*
OR
cpe:/a:openssl:openssl:0.9.6b:*:*:*:*:*:*:*
OR
cpe:/a:openssl:openssl:0.9.6c:*:*:*:*:*:*:*
OR
cpe:/a:openssl:openssl:0.9.6d:*:*:*:*:*:*:*
OR
cpe:/a:openssl:openssl:0.9.6e:*:*:*:*:*:*:*
OR
cpe:/a:openssl:openssl:0.9.6f:*:*:*:*:*:*:*
OR
cpe:/a:openssl:openssl:0.9.6g:*:*:*:*:*:*:*
OR
cpe:/a:openssl:openssl:0.9.6h:*:*:*:*:*:*:*
OR
cpe:/a:openssl:openssl:0.9.6j:*:*:*:*:*:*:*
OR
cpe:/a:openssl:openssl:0.9.6l:*:*:*:*:*:*:*
OR
cpe:/a:openssl:openssl:0.9.6m:*:*:*:*:*:*:*
OR
cpe:/a:openssl:openssl:0.9.7:beta1:*:*:*:*:*:*
OR
cpe:/a:openssl:openssl:0.9.7:beta2:*:*:*:*:*:*
OR
cpe:/a:openssl:openssl:0.9.7:beta3:*:*:*:*:*:*
OR
cpe:/a:openssl:openssl:0.9.7d:*:*:*:*:*:*:*
Denotes that component is vulnerable
BACK
openssl
openssl 0.9.1c
openssl
openssl 0.9.2b
openssl
openssl 0.9.3
openssl
openssl 0.9.4
openssl
openssl 0.9.5
openssl
openssl 0.9.5a
openssl
openssl 0.9.6
openssl
openssl 0.9.6a
openssl
openssl 0.9.6b
openssl
openssl 0.9.6c
openssl
openssl 0.9.6d
openssl
openssl 0.9.6e
openssl
openssl 0.9.6f
openssl
openssl 0.9.6g
openssl
openssl 0.9.6h
openssl
openssl 0.9.6i
openssl
openssl 0.9.6j
openssl
openssl 0.9.6k
openssl
openssl 0.9.6l
openssl
openssl 0.9.6m
openssl
openssl 0.9.7
openssl
openssl 0.9.7 beta1
openssl
openssl 0.9.7 beta2
openssl
openssl 0.9.7 beta3
openssl
openssl 0.9.7a
openssl
openssl 0.9.7b
openssl
openssl 0.9.7c
openssl
openssl 0.9.7d
openssl
openssl 0.9.7a
openssl
openssl 0.9.6i
openssl
openssl 0.9.7
openssl
openssl 0.9.6k
openssl
openssl 0.9.6a
openssl
openssl 0.9.7b
openssl
openssl 0.9.7c
openssl
openssl 0.9.1c
openssl
openssl 0.9.2b
openssl
openssl 0.9.3
openssl
openssl 0.9.4
openssl
openssl 0.9.5
openssl
openssl 0.9.5a
openssl
openssl 0.9.6
openssl
openssl 0.9.6b
openssl
openssl 0.9.6c
openssl
openssl 0.9.6d
openssl
openssl 0.9.6e
openssl
openssl 0.9.6f
openssl
openssl 0.9.6g
openssl
openssl 0.9.6h
openssl
openssl 0.9.6j
openssl
openssl 0.9.6l
openssl
openssl 0.9.6m
openssl
openssl 0.9.7 beta1
openssl
openssl 0.9.7 beta2
openssl
openssl 0.9.7 beta3
openssl
openssl 0.9.7d
Denotes that component is vulnerable