Knowledgebase Article
Description
The AES-GCM cipher included in TLS 1.2 uses an initialization vector (IV) split into a four-byte implicit and eight-byte explicit IV. The implicit IV is derived in the TLS handshake. The explicit IV is chosen by the sender and must be distinct for every invocation of the GCM encryption function (reference RFC 5288).
Due to a bug in third-party code, the first two SSL encrypted data records use a fixed explicit IV. From the third SSL encrypted data record onward, a fixed randomized IV is used.
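The following added example is not Radware's code and is not taken from the advisory. It assembles the RFC 5288 nonce from the 4-byte implicit and 8-byte explicit parts and runs a simple reuse check over a stream of records, once for a conforming sender (explicit IV = record sequence number) and once for a constructed model of the defect described above (first two records share one fixed explicit IV, later records share one random value). The record layout, the `find_nonce_reuse` and `scan` helpers, the implicit IV value and the all-zero fixed IV are all assumptions made for illustration.

```python
import os
import struct
from collections import defaultdict
from typing import Dict, Iterable, List, Optional, Set, Tuple

# Hypothetical parsed-record shape: (connection id, direction, 8-byte explicit IV
# carried in the record). Names and sample values are constructed for this example.
Record = Tuple[str, str, bytes]
Stream = Tuple[str, str]  # TLS 1.2 uses one GCM key per connection per direction


def gcm_nonce(implicit_iv: bytes, explicit_iv: bytes) -> bytes:
    """Assemble the 12-byte AES-GCM nonce of RFC 5288: 4-byte implicit part
    (client_write_IV / server_write_IV from the handshake) || 8-byte explicit part."""
    if len(implicit_iv) != 4 or len(explicit_iv) != 8:
        raise ValueError("TLS 1.2 AES-GCM nonce = 4-byte implicit || 8-byte explicit")
    return implicit_iv + explicit_iv


def find_nonce_reuse(records: Iterable[Record],
                     implicit_ivs: Dict[Stream, bytes]) -> List[Tuple[int, str]]:
    """Return (record index, nonce hex) for every record whose full nonce was
    already used under the same key, i.e. same connection and direction."""
    seen: Dict[Stream, Set[bytes]] = defaultdict(set)
    hits: List[Tuple[int, str]] = []
    for idx, (conn, direction, explicit_iv) in enumerate(records):
        stream = (conn, direction)
        nonce = gcm_nonce(implicit_ivs[stream], explicit_iv)
        if nonce in seen[stream]:
            hits.append((idx, nonce.hex()))
        seen[stream].add(nonce)
    return hits


def conforming_explicit_ivs(count: int) -> List[bytes]:
    """A conforming sender: explicit IV = 64-bit record sequence number, so every
    record of a stream gets a distinct nonce for the life of the key."""
    return [struct.pack(">Q", seq) for seq in range(count)]


def buggy_explicit_ivs(count: int, later: Optional[bytes] = None) -> List[bytes]:
    """Constructed model of the defect described above: the first two records share
    a fixed explicit IV, and the third record onward share one value chosen once."""
    fixed = bytes(8)  # constructed: all-zero explicit IV for the first two records
    later = later if later is not None else os.urandom(8)
    return [fixed, fixed] + [later] * max(count - 2, 0)


def scan(explicit_ivs: List[bytes], conn: str = "conn-1",
         direction: str = "server->client") -> List[Tuple[int, str]]:
    """Wrap one sender's explicit IVs as records on a single stream and scan them.
    The implicit IV is a constructed stand-in for the handshake-derived value."""
    implicit = {(conn, direction): bytes.fromhex("01020304")}
    records = [(conn, direction, eiv) for eiv in explicit_ivs]
    return find_nonce_reuse(records, implicit)


if __name__ == "__main__":
    print("conforming:", scan(conforming_explicit_ivs(5)))  # []
    print("buggy:", scan(buggy_explicit_ivs(5)))            # reuse at records 1, 3, 4
```

Because the implicit part is constant for the life of a stream's key, a repeated explicit IV within one stream is already a repeated nonce, so a test harness or passive monitor that only sees record headers can apply the same check to the explicit IVs alone; the check is only meaningful per key, which is why the detector is keyed on (connection, direction).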
Vulnerability severity: Medium-High
The vulnerability was reported to Radware by security researcher Hanno Böck. https://hboeck.de/en/
Mitigation and Fix
A hot fix for the vulnerability is available starting with the following versions:
- Alteon version 30.2.1.100
- Alteon version 30.0.5.100
For more information read the Explicit Initialization Vector for AES-GCM Cipher Security Advisory