IBM Support

IC90431: "LUCKY 13" PLAINTEXT RECOVERY ATTACK AGAINST SSL/TLS WITH CBC CIPHERS (CVE-2013-0169)

Subscribe

You can track all active APARs for this component.

 

APAR status

  • Closed as program error.

Error description

  • A security vulnerability was discovered in SSL and TLS
protocols when CBC ciphers are used (such as 3DES and AES in CBC
mode).  Small differences in the time taken during MAC
processing can leak enough information to allow  a
man-in-the-middle attacker to recover plaintext information from
previous SSL/TLS connections.

This vulnerability is known as CVE-2013-0169 and also as "Lucky
13".

The DataPower appliance's SSL implementation is vulnerable to
this attack when CBC cipher suites are used (but not when stream
cipher suites are used).


The protocol problem that allows the attack only affects block
ciphers such as 3DES and AES.  There is one stream cipher
supported by SSL/TLS called RC4.  Using a stream cipher avoids
this attack entirely.

Local fix

  • Use a stream cipher (RC4) to alleviate this vulnerability until
the APAR fix is available.



To configure this in the DataPower WebGUI, enter the string
RC4-SHA:RC4-MD5 into the Ciphers property in the Crypto Profile
and Save. With this configuration setting, DataPower
negotiates strong, non-export cipher suites involving RC4 - a
stream cipher rather than a block cipher.

Problem summary

  • Customers using the DataPower SSL stack with CBC cipher suites
(3DES or AES) are vulnerable to the "Lucky 13" attack
(CVE-2013-0169).

Problem conclusion

Temporary fix

  • 



Comments


    

  • 



APAR Information




    

  • APAR number
    IC90431
    • 

  • Reported component name
    DATAPOWER
    • 

  • Reported component ID
    DP1234567
    • 

  • Reported release
    382
    • 

  • Status
    CLOSED  PER
    • 

  • PE
    NoPE
    • 

  • HIPER
    NoHIPER
    • 

  • Special Attention
    NoSpecatt
    • 

  • Submitted date
    2013-02-22
    • 

  • Closed date
    2013-04-04
    • 

  • Last modified date
    2013-05-15
    • 





    

  • APAR is sysrouted FROM one or more of the following:
    

    • 

  • APAR is sysrouted TO one or more of the following:
    

    • 



Fix information


    

  • Fixed component name
    DATAPOWER
    • 

  • Fixed component ID
    DP1234567
    • 



Applicable component levels


    

  • R401  PSY
       UP
    • 

  • R402  PSY
       UP
    • 

  • R500  PSY
       UP
    • 

  • R382  PSN
       UP
    • 








      
              
                            

              

              [{"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SS9H2Y","label":"IBM DataPower Gateway"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"3.8.2","Edition":"","Line of Business":{"code":"LOB45","label":"Automation"}}]
              

                                                                    

          
 
        

      

    

      

        

          

            
Document Information


            

            


                        

            Modified date:
            

            11 February 2022
            

            
                      

        


        

        


      

    

  



    

  

  
    
            

          
Page Feedback