lsh123 / xmlsec

XML Security Library

Disable pkcs 1.5 #775

Closed thalman closed 2 months ago

thalman commented 3 months ago

In 1998, Daniel Bleichenbacher discovered that the error messages given by SSL servers for errors in the PKCS #1 v1.5 padding allowed an adaptive chosen-ciphertext attack; this attack fully breaks the confidentiality of TLS when used with RSA encryption. In 2018, Hanno Böck, Juraj Somorovsky, and Craig Young showed, 19 years later, that many internet servers were still vulnerable to slight variations of the original attack.

After all these years it has been shown that many implementations that were thought to be fixed are still vulnerable. The Red Hat security team recommends disabling support for this method.

It should of course be fixed or disabled in the crypto libraries used (e.g. openssl, gnutls...), but there are scenarios where it is not easy or possible to update those libraries, and it would be beneficial to users to prohibit it in xmlsec too.

tomato42 commented 3 months ago

While I haven't tested xmlsec specifically, there's a very long list of implementations that turned out to be vulnerable.

lsh123 commented 2 months ago

Added options to disable PKCS 1.5 at compile time (see PR #781).
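Until a build with the new compile-time option is deployed, a defender can at least audit XML Encryption documents (SAML assertions, encrypted SOAP messages) for key transport that still selects the `rsa-1_5` algorithm URI. The following script is an added example, not xmlsec project code; the sample document is constructed, and the algorithm URIs are the standard XML Encryption identifiers.

```python
import xml.etree.ElementTree as ET

XENC = "http://www.w3.org/2001/04/xmlenc#"
XENC11 = "http://www.w3.org/2009/xmlenc11#"

# Key-transport algorithm URIs: rsa-1_5 is RSA PKCS#1 v1.5, the method this
# issue asks to disable; the OAEP variants are the acceptable replacements.
RSA_PKCS15 = XENC + "rsa-1_5"
RSA_OAEP = {XENC + "rsa-oaep-mgf1p", XENC11 + "rsa-oaep"}

# Constructed sample: one EncryptedKey wrapped with PKCS#1 v1.5 (nested in
# KeyInfo), one wrapped with RSA-OAEP. CipherValue contents are dummies.
SAMPLE = """<root xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"
      xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
  <xenc:EncryptedData Type="http://www.w3.org/2001/04/xmlenc#Element">
    <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/>
    <ds:KeyInfo>
      <xenc:EncryptedKey Id="ek1">
        <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"/>
        <xenc:CipherData><xenc:CipherValue>AAAA</xenc:CipherValue></xenc:CipherData>
      </xenc:EncryptedKey>
    </ds:KeyInfo>
    <xenc:CipherData><xenc:CipherValue>AAAA</xenc:CipherValue></xenc:CipherData>
  </xenc:EncryptedData>
  <xenc:EncryptedKey Id="ek2">
    <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p"/>
    <xenc:CipherData><xenc:CipherValue>AAAA</xenc:CipherValue></xenc:CipherData>
  </xenc:EncryptedKey>
</root>"""


def audit_key_transport(xml_text):
    """Classify every xenc:EncryptedKey by its key-transport algorithm.

    Returns a list of (Id, algorithm URI, verdict) in document order, where
    verdict is 'pkcs1.5', 'oaep' or 'other'. Only the EncryptionMethod that is
    a direct child of EncryptedKey is inspected, so the symmetric data-encryption
    algorithm on the enclosing EncryptedData is not confused with key transport.
    """
    root = ET.fromstring(xml_text)
    results = []
    for enc_key in root.iter(f"{{{XENC}}}EncryptedKey"):
        method = enc_key.find(f"{{{XENC}}}EncryptionMethod")
        alg = method.get("Algorithm", "") if method is not None else ""
        verdict = "pkcs1.5" if alg == RSA_PKCS15 else "oaep" if alg in RSA_OAEP else "other"
        results.append((enc_key.get("Id", ""), alg, verdict))
    return results


def uses_pkcs15(xml_text):
    """True if any key in the document is transported with RSA PKCS#1 v1.5."""
    return any(v == "pkcs1.5" for _, _, v in audit_key_transport(xml_text))
```

Run it over documents a peer actually sends you; a hit means the sender (or your own issuer) must be reconfigured for OAEP before the `rsa-1_5` path is turned off, or decryption will fail rather than silently downgrade.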