all InfoSec news
New Marvin attack revives 25-year-old decryption flaw in RSA
Oct. 1, 2023, 3:07 p.m. | /u/jvsouza15
cybersecurity www.reddit.com
A flaw related to the PKCS #1 v1.5 padding in SSL servers discovered in 1998 and believed to have been resolved still impacts several widely-used projects today.
After extensive testing that measures end-to-end operations, Red Hat researchers discovered several variations of the original timing attack, collectively called the 'Marvin Attack,' which can effectively bypass fixes and mitigations.
The problem allows attackers to potentially decrypt RSA ciphertexts, forge signatures, and even decrypt sessions recorded on a vulnerable TLS server.
attack bypass called cybersecurity effectively end end-to-end fixes flaw mitigations operations padding pkcs problem projects red hat researchers servers ssl testing timing attack today
More from www.reddit.com / cybersecurity
Jobs in InfoSec / Cybersecurity
SOC 2 Manager, Audit and Certification
@ Deloitte | US and CA Multiple Locations
Senior Security Researcher, SIEM
@ Huntress | Remote Canada
Senior Application Security Engineer
@ Revinate | San Francisco Bay Area
Cyber Security Manager
@ American Express Global Business Travel | United States - New York - Virtual Location
Incident Responder Intern
@ Bentley Systems | Remote, PA, US
SC2024-003533 Senior Online Vulnerability Assessment Analyst (CTS) - THU 9 May
@ EMW, Inc. | Mons, Wallonia, Belgium