Clarify attack conditions in the ChangeLog.
Referring to the previous entry could imply that the current one was limited to SHA-384 too, which it isn't.
This commit is contained in:
parent
6a25cfae2a
commit
830ce11eba
1 changed files with 7 additions and 4 deletions
11
ChangeLog
11
ChangeLog
|
@ -19,10 +19,13 @@ Security
|
|||
* Fix a vulnerability in TLS ciphersuites based on CBC, in (D)TLS 1.0 to
|
||||
1.2, that allowed a local attacker, able to execute code on the local
|
||||
machine as well as manipulate network packets, to partially recover the
|
||||
plaintext of messages under some conditions (see previous entry) by using
|
||||
a cache attack targetting an internal MD/SHA buffer. Connections using
|
||||
GCM or CCM instead of CBC or using Encrypt-then-Mac (RFC 7366) were not
|
||||
affected. Found by Kenny Paterson, Eyal Ronen and Adi Shamir.
|
||||
plaintext of messages under some conditions by using a cache attack
|
||||
targetting an internal MD/SHA buffer. With TLS or if
|
||||
mbedtls_ssl_conf_dtls_badmac_limit() was used, the attack only worked if
|
||||
the same secret (for example a HTTP Cookie) has been repeatedly sent over
|
||||
connections manipulated by the attacker. Connections using GCM or CCM
|
||||
instead of CBC or using Encrypt-then-Mac (RFC 7366) were not affected.
|
||||
Found by Kenny Paterson, Eyal Ronen and Adi Shamir.
|
||||
* Add a counter-measure against a vulnerability in TLS ciphersuites based
|
||||
on CBC, in (D)TLS 1.0 to 1.2, that allowed a local attacker, able to
|
||||
execute code on the local machine as well as manipulate network packets,
|
||||
|
|
Loading…
Reference in a new issue