Botan RSA Decryption Timing Channel Vulnerability

Botan RSA Decryption Timing Channel Vulnerability

CVE-2016-8871 · LOW Severity

AV:L/AC:L/AU:N/C:P/I:N/A:N

In Botan 1.11.29 through 1.11.32, RSA decryption with certain padding options had a detectable timing channel which could given sufficient queries be used to recover plaintext, aka an "OAEP side channel" attack.

Learn more about our Web Application Penetration Testing UK.