After Schrodinger’s Cat Meet Bleichenbacher’s CAT

The Bleichenbacher attack refuses to go away, and involves sending errors to a server and observing the results. After 10 of thousands of replies, the adversary has a high chance of performing a downgrade attack on the server. The new attack brings several new vulnerabilities: CVE-2018–12404, CVE-2018–19608, CVE-2018–16868, CVE-2018–16869, CVE-2018–16870.

A core weakness in TLS relates to the handshaking of the session key which is used within the tunnel. With the RSA key exchange method, the server passes its public key to the server, and the client creates a new session key and then encrypts this with the server’s public key. When returned, the server decrypts it with its private key, and both the client and server have the same symmetric key (normally using AES). This method of key passing, though, is not well liked, and only around 6% of TLS connections use the RSA key exchange method, but intruders can still use it as a downgrade attack. In TLS 1.3, the RSA key exchange method has been removed.