CVE-2020-25659
Timing Attack vulnerability in cryptography (PyPI)
What is CVE-2020-25659 About?
The `python-cryptography` library version 3.2 is susceptible to Bleichenbacher timing attacks in its RSA decryption API. This allows an attacker to recover sensitive information like private keys by observing the processing time of valid PKCS#1 v1.5 ciphertexts. While technically complex, the attack can be practical in environments where precise timing measurements are possible.
Affected Software
- cryptography
  - <3.2
  - <3.2.1
Technical Details
The python-cryptography 3.2 library suffers from a Bleichenbacher timing attack vulnerability within its RSA decryption API, specifically when processing PKCS#1 v1.5 ciphertexts. The attack exploits differences in the time taken for a server to respond to decryption requests based on the validity of the padding. By sending numerous specially crafted ciphertexts and precisely measuring the response times, an attacker can deduce information about the private key. This is possible because valid PKCS#1 v1.5 padded messages might be processed for different durations depending on the specific bytes of the plaintext and padding, creating a timing side channel that reveals information iteratively.
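To make the side channel described above concrete, here is an added illustration (not code from the advisory or from the `cryptography` project): an early-exit PKCS#1 v1.5 unpad, whose running time depends on where the first bad byte sits, beside a fixed-work variant that examines every byte and folds all failure conditions into one flag. The function names `naive_unpad` and `ct_unpad` are my own; `em` stands for the modulus-length output of the raw RSA private-key operation.

```python
# PKCS#1 v1.5 type 2 encoding, k = modulus length in bytes:
#   EM = 0x00 || 0x02 || PS (at least 8 nonzero bytes) || 0x00 || M
# Caveat: the Python interpreter and its big-int arithmetic are not
# constant-time, so this only demonstrates the *structure* (no early exit,
# fixed amount of work, mask arithmetic) that native implementations rely on.

def naive_unpad(em: bytes):
    """Early-exit unpad: each 'return None' fires at a different point,
    so response time reveals which padding check failed."""
    if em[0] != 0x00 or em[1] != 0x02:
        return None
    sep = em.find(b"\x00", 2)
    if sep == -1 or sep < 10:       # no separator, or PS shorter than 8 bytes
        return None
    return em[sep + 1:]


def ct_unpad(em: bytes, k: int):
    """Fixed-work unpad. Returns (ok, candidate); candidate is only
    meaningful when ok is True. Assumes k < 2**31."""
    if len(em) != k:                # length is public, so this branch is fine
        raise ValueError("em must be exactly k bytes")
    bad = em[0] | (em[1] ^ 0x02)    # nonzero if the two header bytes are wrong
    found = 0                       # becomes 1 once the first 0x00 separator is seen
    sep = 0                         # index of that separator
    for i in range(2, k):           # always walk the whole buffer
        is_zero = ((em[i] - 1) >> 8) & 1   # 1 iff em[i] == 0, without a comparison
        first = is_zero & (found ^ 1)      # 1 only at the first zero byte
        sep |= first * i
        found |= is_zero
    bad |= found ^ 1                # no separator at all
    bad |= ((sep - 10) >> 31) & 1   # separator before index 10 means PS < 8 bytes
    ok = bad == 0
    # A caller must also keep its *downstream* behaviour uniform: a TLS server,
    # for example, substitutes a random premaster secret when ok is False
    # instead of returning an error (RFC 5246, section 7.4.7.1).
    return ok, em[sep + 1:]
```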
What is the Impact of CVE-2020-25659?
Successful exploitation may allow attackers to slowly recover sensitive cryptographic keys, leading to the compromise of encrypted communications, impersonation, or unauthorized access to data.
What is the Exploitability of CVE-2020-25659?
Exploitation is complex, requiring sophisticated knowledge of cryptography and statistical analysis to observe and interpret timing differences. No specific authentication or privilege is inherently required; the attacker only needs to be able to submit RSA decryption requests to the vulnerable system and measure the response times with high precision. This is typically a remote attack, but local access to the network for precise timing measurements can facilitate the attack. Special conditions include a high-resolution timer on the attacker's side and a network path with minimal jitter, allowing for consistent timing measurements. The risk is increased in applications where RSA decryption is frequently performed on untrusted input, such as TLS servers or secure messaging systems.
What are the Known Public Exploits?
| PoC Author | Link | Commentary |
|---|---|---|
| No known exploits | | |
What are the Available Fixes for CVE-2020-25659?
Available Upgrade Options
- cryptography
  - <3.2 → Upgrade to 3.2
  - <3.2.1 → Upgrade to 3.2.1
Additional Resources
- https://www.oracle.com/security-alerts/cpujul2022.html
- https://github.com/pyca/cryptography/pull/5507/commits/ce1bef6f1ee06ac497ca0c837fbd1c7ef6c2472b
- https://nvd.nist.gov/vuln/detail/CVE-2020-25659
- https://www.oracle.com/security-alerts/cpuapr2022.html
- https://pypi.org/project/cryptography
- https://github.com/pyca/cryptography/commit/58494b41d6ecb0f56b7c5f05d5f5e3ca0320d494
- https://github.com/pyca/cryptography/pull/5507
- https://github.com/pypa/advisory-database/tree/main/vulns/cryptography/PYSEC-2021-62.yaml
What are Similar Vulnerabilities to CVE-2020-25659?
Similar Vulnerabilities: CVE-2020-0543, CVE-2020-0549, CVE-2020-0550, CVE-2020-0552, CVE-2020-0551
