all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

New Marvin attack revives 25-year-old decryption flaw in RSA

Add to bookmarks
Oct. 1, 2023, 3:07 p.m. | /u/jvsouza15

cybersecurity www.reddit.com

[https://www.bleepingcomputer.com/news/security/new-marvin-attack-revives-25-year-old-decryption-flaw-in-rsa/](https://www.bleepingcomputer.com/news/security/new-marvin-attack-revives-25-year-old-decryption-flaw-in-rsa/)

A flaw related to the PKCS #1 v1.5 padding in SSL servers discovered in 1998 and believed to have been resolved still impacts several widely-used projects today.



After extensive testing that measures end-to-end operations, Red Hat researchers discovered several variations of the original timing attack, collectively called the 'Marvin Attack,' which can effectively bypass fixes and mitigations.

The problem allows attackers to potentially decrypt RSA ciphertexts, forge signatures, and even decrypt sessions recorded on a vulnerable TLS server.

attack bypass called cybersecurity effectively end end-to-end fixes flaw mitigations operations padding pkcs problem projects red hat researchers servers ssl testing timing attack today

Visit resource

More from www.reddit.com / cybersecurity

How much knowledge do you guys know about the industry that you work in? 6 hours ago | www.reddit.com
banking cybersecurity etc gas +8
Cisco reveals zero-day attacks used by hackers to attack government networks in major threat campaign 8 hours ago | www.reddit.com
attack attacks campaign cisco +7
Any Fortune 100 company go all in on Microsoft E5 Security Suite? 18 hours ago | www.reddit.com
all in cybersecurity defender defenders +12
Blueteam Certification like cybersecurity engineers 19 hours ago | www.reddit.com
architect blueteam certification certifications +12
Fake job interviews target developers with new Python backdoor 23 hours ago | www.reddit.com
backdoor cybersecurity developers fake +7
Passkeys: A Shattered Dream 23 hours ago | www.reddit.com
cybersecurity dream passkeys
Cyberattack Gold: SBOMs Offer an Easy Census of Vulnerable Software 23 hours ago | www.reddit.com
census cyberattack cybersecurity easy +4
Ukraine's military intelligence launches cyberattack against United Russia party 23 hours ago | www.reddit.com
cyberattack cybersecurity intelligence military +4
The XZ Utils Backdoor explained - Columbia University Lecture 1 day, 1 hour ago | www.reddit.com
cybersecurity

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

SOC 2 Manager, Audit and Certification

@ Deloitte | US and CA Multiple Locations
View on infosec-jobs.com

Senior Security Researcher, SIEM

@ Huntress | Remote Canada
View on infosec-jobs.com

Senior Application Security Engineer

@ Revinate | San Francisco Bay Area
View on infosec-jobs.com

Cyber Security Manager

@ American Express Global Business Travel | United States - New York - Virtual Location
View on infosec-jobs.com

Incident Responder Intern

@ Bentley Systems | Remote, PA, US
View on infosec-jobs.com

SC2024-003533 Senior Online Vulnerability Assessment Analyst (CTS) - THU 9 May

@ EMW, Inc. | Mons, Wallonia, Belgium
View on infosec-jobs.com
View more jobs