English | Deutsch | Español | Português
 UserID:
 Passwd:
new user
 About:   Dedicated  | Advanced  | Standard  | Recurring  | No Risk  | Desktop  | Basic  | Single  | Security Seal  | FAQ
  Price/Feature Summary  | Order  | New Vulnerabilities  | Confidentiality  | Vulnerability Search
 Vulnerability   
Search   
    Search 126339 CVE descriptions
and 74190 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.108609
Category:General
Title:OpenSSL: ChaCha20-Poly1305 with long nonces (CVE-2019-1543) (Windows)
Summary:This host is running OpenSSL and is prone; to vulnerability which allows a nonce reuse.
Description:Summary:
This host is running OpenSSL and is prone
to vulnerability which allows a nonce reuse.

Vulnerability Insight:
ChaCha20-Poly1305 is an AEAD cipher, and requires
a unique nonce input for every encryption operation. RFC 7539 specifies that the
nonce value (IV) should be 96 bits (12 bytes). OpenSSL allows a variable nonce
length and front pads the nonce with 0 bytes if it is less than 12 bytes. However
it also incorrectly allows a nonce to be set of up to 16 bytes. In this case only
the last 12 bytes are significant and any additional leading bytes are ignored.

It is a requirement of using this cipher that nonce values are unique. Messages
encrypted using a reused nonce value are susceptible to serious confidentiality
and integrity attacks. If an application changes the default nonce length to be
longer than 12 bytes and then makes a change to the leading bytes of the nonce
expecting the new value to be a new unique nonce then such an application could
inadvertently encrypt messages with a reused nonce.

Additionally the ignored bytes in a long nonce are not covered by the integrity
guarantee of this cipher. Any application that relies on the integrity of these
ignored leading bytes of a long nonce may be further affected.

Any OpenSSL internal use of this cipher, including in SSL/TLS, is safe because
no such use sets such a long nonce value. However user applications that use
this cipher directly and set a non-default nonce length to be longer than 12
bytes may be vulnerable.

Affected Software/OS:
OpenSSL versions 1.1.1 up to and including 1.1.1b and
1.1.0 up to and including 1.1.0j.

This issue does not impact OpenSSL 1.0.2.

Solution:
Upgrade OpenSSL to version 1.1.0k, 1.1.1c or later.
See the references for more details.

CVSS Score:
5.8

CVSS Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:N

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2019-1543
CopyrightCopyright (C) 2019 Greenbone Networks GmbH

This is only one of 74190 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.

New User Registration
Email:
UserID:
Passwd:
Please email me your monthly newsletters, informing the latest services, improvements & surveys.
Please email me a vulnerability test announcement whenever a new test is added.
   Privacy
Registered User Login
 
UserID:   
Passwd:  

 Forgot userid or passwd?
Email/Userid:




Home | About Us | Contact Us | Partner Programs | Developer APIs | Privacy | Mailing Lists | Abuse
Security Audits | Managed DNS | Network Monitoring | Site Analyzer | Internet Research Reports
Web Probe

© 1998-2019 E-Soft Inc. All rights reserved.