Knowledgebase Article

Security Advisory: Explicit Initialization Vector for AES-GCM Cipher

Product: Alteon



Description
This Security Advisory describes the status of Radware products relating to vulnerability in the explicit initialization vector for the AES-GCM cipher.
Impact
The AES-GCM cipher included in TLS 1.2 uses an initialization vector (IV) split into a four-byte implicit part and an eight-byte explicit part. The implicit IV is derived during the TLS handshake. The explicit IV is chosen by the sender and must be distinct for every invocation of the GCM encryption function (see RFC 5288).
Due to a bug in third-party code, the first two SSL-encrypted data records use a fixed explicit IV. From the third SSL-encrypted data record onwards, the explicit IV is a randomized value that is then reused unchanged.
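The check below is an added illustration and is not part of Radware's advisory or of any Alteon code. It assembles the RFC 5288 nonce from its two parts, shows a counter-based explicit IV source that cannot repeat within a connection, and runs a reuse detector over a constructed stream of TLS 1.2 application-data records. The record bodies are placeholder bytes standing in for ciphertext plus tag (not real GCM output), and the "buggy" stream is constructed to mirror the pattern described above: two records sharing one explicit IV, then a second value repeated on every later record.

```python
import struct
from typing import Dict, Iterator, List, Tuple

# RFC 5288 nonce layout for AES-GCM in TLS 1.2
IMPLICIT_IV_LEN = 4    # salt from the key block (client_write_IV / server_write_IV)
EXPLICIT_IV_LEN = 8    # chosen by the sender, sent in clear at the front of each record
GCM_TAG_LEN = 16
TLS_APPLICATION_DATA = 0x17
TLS_HANDSHAKE = 0x16
RECORD_HEADER_LEN = 5


def build_gcm_nonce(implicit_iv: bytes, explicit_iv: bytes) -> bytes:
    """Full 12-byte GCM nonce = implicit salt || explicit part (RFC 5288 section 3)."""
    if len(implicit_iv) != IMPLICIT_IV_LEN or len(explicit_iv) != EXPLICIT_IV_LEN:
        raise ValueError("implicit IV must be 4 bytes and explicit IV 8 bytes")
    return implicit_iv + explicit_iv


class ExplicitIvCounter:
    """Sender-side explicit IV source: a 64-bit counter, so no value repeats in a connection."""

    def __init__(self, start: int = 0) -> None:
        self._next = start

    def next_explicit_iv(self) -> bytes:
        if self._next >= 1 << 64:
            raise OverflowError("explicit IV space exhausted; the connection must rekey")
        value = self._next.to_bytes(EXPLICIT_IV_LEN, "big")
        self._next += 1
        return value


def make_record(content_type: int, explicit_iv: bytes, body: bytes) -> bytes:
    """Constructed TLS 1.2 record: type || version 0x0303 || length || explicit IV || body.
    'body' stands in for ciphertext||tag and is placeholder bytes, not real GCM output."""
    fragment = explicit_iv + body
    return bytes([content_type]) + b"\x03\x03" + struct.pack("!H", len(fragment)) + fragment


def iter_records(stream: bytes) -> Iterator[Tuple[int, bytes]]:
    """Split a byte stream into (content_type, fragment) pairs at record boundaries."""
    offset = 0
    while offset + RECORD_HEADER_LEN <= len(stream):
        content_type = stream[offset]
        (length,) = struct.unpack("!H", stream[offset + 3 : offset + RECORD_HEADER_LEN])
        fragment = stream[offset + RECORD_HEADER_LEN : offset + RECORD_HEADER_LEN + length]
        if len(fragment) != length:
            raise ValueError("truncated record at offset %d" % offset)
        yield content_type, fragment
        offset += RECORD_HEADER_LEN + length
    if offset != len(stream):
        raise ValueError("trailing bytes after last record")


def find_explicit_iv_reuse(stream: bytes) -> List[Tuple[int, int, bytes]]:
    """Report each application-data record whose explicit IV was already used by an
    earlier record in the same direction, as (first_index, repeat_index, explicit_iv)."""
    first_seen: Dict[bytes, int] = {}
    findings: List[Tuple[int, int, bytes]] = []
    for index, (content_type, fragment) in enumerate(iter_records(stream)):
        # Only encrypted application data carries a GCM explicit IV; skip other types.
        if content_type != TLS_APPLICATION_DATA or len(fragment) < EXPLICIT_IV_LEN + GCM_TAG_LEN:
            continue
        explicit_iv = fragment[:EXPLICIT_IV_LEN]
        if explicit_iv in first_seen:
            findings.append((first_seen[explicit_iv], index, explicit_iv))
        else:
            first_seen[explicit_iv] = index
    return findings


# --- constructed sample traffic (one direction of one connection) -------------------
PLACEHOLDER_BODY = bytes(range(24))               # stands in for 8 bytes ciphertext + 16-byte tag
FIXED_IV_A = b"\x00" * 8                          # constructed: value shared by records 1 and 2
FIXED_IV_B = b"\xde\xad\xbe\xef\x01\x02\x03\x04"  # constructed: "randomized once, then reused"

BUGGY_STREAM = (
    make_record(TLS_HANDSHAKE, b"", b"\x00" * 4)  # constructed handshake record; exercises the filter
    + make_record(TLS_APPLICATION_DATA, FIXED_IV_A, PLACEHOLDER_BODY)
    + make_record(TLS_APPLICATION_DATA, FIXED_IV_A, PLACEHOLDER_BODY)
    + make_record(TLS_APPLICATION_DATA, FIXED_IV_B, PLACEHOLDER_BODY)
    + make_record(TLS_APPLICATION_DATA, FIXED_IV_B, PLACEHOLDER_BODY)
    + make_record(TLS_APPLICATION_DATA, FIXED_IV_B, PLACEHOLDER_BODY)
)


def correct_stream(count: int) -> bytes:
    """Same record shape, explicit IV taken from a per-connection counter: no reuse."""
    counter = ExplicitIvCounter()
    return b"".join(
        make_record(TLS_APPLICATION_DATA, counter.next_explicit_iv(), PLACEHOLDER_BODY)
        for _ in range(count)
    )


if __name__ == "__main__":
    for first, repeat, iv in find_explicit_iv_reuse(BUGGY_STREAM):
        print("explicit IV %s reused: record %d repeats record %d" % (iv.hex(), repeat, first))
    print("correct stream findings:", find_explicit_iv_reuse(correct_stream(5)))
```

The detector only needs the record layer, since the explicit IV travels in clear ahead of the ciphertext; run it per direction and per connection, because the implicit part changes with every handshake and a repeated explicit value only matters under the same key.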

Vulnerability severity: Medium-High

The vulnerability was reported to Radware by security researcher Hanno Böck. https://hboeck.de/en/


Mitigation and Fix
A hot fix for the vulnerability is available starting from the following versions:

  • Alteon version 30.2.1.100
  • Alteon version 30.0.5.100



For more information, read the Explicit Initialization Vector for AES-GCM Cipher Security Advisory.