Knowledgebase Article

CVE-2017-17427 Adaptive chosen-ciphertext attack vulnerability

Alteon | AppDirector



Description
Alteon and AppDirector XL model platforms and AppXcel may be vulnerable to Bleichenbacher cryptographic attacks. An attacker with access to the network traffic, or in a man-in-the-middle (MiTM) position, may recover the session key and decrypt the SSL session. The attacker CANNOT recover the server’s private key.
Impact
Configurations that limit ciphers to ECC or PFS (Perfect Forward Secrecy) are not vulnerable.
Plaintext recovery: An attacker may recover the plaintext of recorded encrypted traffic that used vulnerable RSA key exchange ciphers. Most TLS handshakes choose ECDHE/DHE, not RSA, as the key exchange algorithm. An attacker in a MiTM position could force RSA key exchange; however, this requires careful timing (see MiTM attacks below).
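To check a configuration against the condition above, the following added example (not Radware's code) flags the suites in an explicit cipher list that still use RSA key exchange. The function names and the sample list are constructed for illustration, and the OpenSSL-name prefix rule is a heuristic that assumes the list contains explicit suite names rather than OpenSSL selector keywords.

```python
import re

# OpenSSL-style names whose key exchange is NOT RSA encryption start with one
# of these prefixes (assumption: a heuristic covering the common OpenSSL names).
NON_RSA_PREFIXES = ("ECDHE-", "DHE-", "EDH-", "ECDH-", "DH-",
                    "ADH-", "AECDH-", "PSK-", "SRP-")

def uses_rsa_key_exchange(name):
    """True if the suite has the client RSA-encrypt the premaster secret."""
    n = name.strip().upper()
    if n.startswith(("TLS_", "SSL_")):        # IANA-style name
        if "_WITH_" not in n:                 # TLS 1.3 suite: no RSA key exchange
            return False
        kx = n.split("_", 1)[1].split("_WITH_", 1)[0]
        return kx == "RSA" or kx.startswith("RSA_")  # RSA, RSA_PSK, RSA_EXPORT
    if n.startswith("EXP-"):                  # export-grade OpenSSL names
        n = n[4:]
    return not n.startswith(NON_RSA_PREFIXES)

def audit_cipher_list(spec):
    """Return the suites in an explicit cipher list that use RSA key exchange."""
    names = [s for s in re.split(r"[:,\s]+", spec) if s]
    for s in names:
        # Selector keywords (HIGH, !aNULL, @STRENGTH) must be expanded first.
        if s[0] in "!+-@" or s.isalpha():
            raise ValueError("not an explicit suite name: " + s)
    return [s for s in names if uses_rsa_key_exchange(s)]

# Constructed sample: a mixed cipher list as it might appear in an SSL policy.
SAMPLE = ("ECDHE-RSA-AES128-GCM-SHA256:AES128-SHA:DHE-RSA-AES256-SHA:"
          "TLS_RSA_WITH_AES_256_CBC_SHA:TLS_AES_128_GCM_SHA256:DES-CBC3-SHA")

if __name__ == "__main__":
    flagged = audit_cipher_list(SAMPLE)
    for suite in flagged:
        print("RSA key exchange still enabled:", suite)
    if not flagged:
        print("Only ECC/PFS key exchange is configured")
```

An empty result means the list is limited to ECDHE/DHE (or other non-RSA) key exchange, which is the configuration this article describes as not vulnerable.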
 
The vulnerability was reported to Radware by security researcher Hanno Böck. https://hboeck.de/en/
 
Mitigation
For more information, read the Adaptive chosen-ciphertext attack Security Advisory.