lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date: Wed, 26 Mar 2003 13:53:49 +0100
From: "Martin Vuagnoux" <bugtraq@...gnoux.com>
To: <bugtraq@...urityfocus.com>, <vuln-dev@...urityfocus.com>,
	<vuldb@...urityfocus.com>
Subject: TLS timing attack on OpenSSL [can-2003-78] [bid 6884] exploit


Hi,
Here you can find the tool used to make a "proof of concept" for the
Vaudenay's TLS Timing Attack for < OpenSSL/9.7a. (CAN-2003-78)
BID REF: 6884

                            http://omen.vuagnoux.com

This attack was tested on a IMAPrev4 server (WU) encapsuled by
stunnel-3.22 using OpenSSL/9.7 and Microsoft Outlook Express 6.x IMAP
client.

Enjoy :^)

Martin Vuagnoux - ilion's lab member - www.ilionsecurity.ch

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ