IBM Support

IC90431: "LUCKY 13" PLAINTEXT RECOVERY ATTACK AGAINST SSL/TLS WITH CBC CIPHERS (CVE-2013-0169)


APAR status

  • Closed as program error.

Error description

  • A security vulnerability was discovered in SSL and TLS
    protocols when CBC ciphers are used (such as 3DES and AES in CBC
    mode).  Small differences in the time taken during MAC
    processing can leak enough information to allow a
    man-in-the-middle attacker to recover plaintext information from
    previous SSL/TLS connections.
    
    This vulnerability is known as CVE-2013-0169 and also as "Lucky
    13".
    
    The DataPower appliance's SSL implementation is vulnerable to
    this attack when CBC cipher suites are used (but not when stream
    cipher suites are used).
    
    The protocol problem that allows the attack only affects block
    ciphers such as 3DES and AES.  There is one stream cipher
    supported by SSL/TLS called RC4.  Using a stream cipher avoids
    this attack entirely.
    

Local fix

  • Use a stream cipher (RC4) to alleviate this vulnerability until
    the APAR fix is available.
    
    To configure this in the DataPower WebGUI, enter the string
    RC4-SHA:RC4-MD5 into the Ciphers property in the Crypto Profile
    and Save. With this configuration setting, DataPower
    negotiates strong, non-export cipher suites involving RC4 - a
    stream cipher rather than a block cipher.
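
A way to check a Ciphers string before saving it, added here as an example (not IBM's or DataPower's code): it groups the explicitly named entries into CBC block-cipher suites, which this APAR covers, and RC4 stream suites. The names classify and audit are hypothetical, and the matching assumes OpenSSL-style suite names like those in the string above.

```python
import re

# Name fragments assume OpenSSL-style suite names, the style of RC4-SHA:RC4-MD5.
BLOCK = re.compile(r"AES|DES|CAMELLIA|SEED|IDEA|RC2|ARIA")
AEAD = re.compile(r"GCM|CCM|CHACHA20")


def classify(name):
    """Return 'stream', 'cbc', 'other' or 'unresolved' for one cipher-string entry."""
    if "RC4" in name:
        return "stream"
    if AEAD.search(name) or "NULL" in name:
        return "other"          # AEAD or no encryption: no CBC padding involved
    if "-" in name and BLOCK.search(name):
        return "cbc"            # explicit block-cipher suite without an AEAD mode
    return "unresolved"         # alias such as HIGH or DEFAULT; depends on the build


def audit(cipher_string):
    """Group the entries a cipher string enables by exposure to CBC timing attacks."""
    enabled, banned = [], set()
    for raw in re.split(r"[:,\s]+", cipher_string.strip()):
        if not raw or raw[0] in "+@":
            continue            # '+' and '@' only reorder, they enable nothing
        if raw[0] in "!-":
            name = raw[1:]
            if raw[0] == "!":
                banned.add(name)  # '!' also blocks later re-adds
            # Exclusions are matched by exact name; alias exclusions are not
            # expanded, so the CBC list can over-report but never under-report.
            enabled = [e for e in enabled if e != name]
        elif raw not in banned and raw not in enabled:
            enabled.append(raw)
    report = {"cbc": [], "stream": [], "other": [], "unresolved": []}
    for name in enabled:
        report[classify(name)].append(name)
    return report


if __name__ == "__main__":
    # Constructed sample values; the first is the string from the local fix.
    for sample in ("RC4-SHA:RC4-MD5", "HIGH:AES128-SHA:DES-CBC3-SHA:RC4-SHA:!aNULL"):
        print(sample, "->", audit(sample))
```

An empty "cbc" list together with an empty "unresolved" list means the string names no CBC suite; any "unresolved" alias has to be expanded on the appliance itself before drawing that conclusion.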
    

Problem summary

  • Customers using the DataPower SSL stack with CBC cipher suites
    (3DES or AES) are vulnerable to the "Lucky 13" attack
    (CVE-2013-0169).
    

Problem conclusion

Temporary fix

Comments

APAR Information

  • APAR number

    IC90431

  • Reported component name

    DATAPOWER

  • Reported component ID

    DP1234567

  • Reported release

    382

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt

  • Submitted date

    2013-02-22

  • Closed date

    2013-04-04

  • Last modified date

    2013-05-15

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

Fix information

  • Fixed component name

    DATAPOWER

  • Fixed component ID

    DP1234567

Applicable component levels

  • R401 PSY

       UP

  • R402 PSY

       UP

  • R500 PSY

       UP

  • R382 PSN

       UP

Document Information

Modified date:
11 February 2022