Multiple Vendor PKCS#1 Vulnerability

Multiple Vendor PKCS#1 Vulnerability

During the session key exchange in the SSL protocol PKCS#1 is used to provide confidentiality. When the SSL server reports errors during the decryption phase of PKCS#1 the server can become and 'oracle' and provide enough information to recover the session key. This can result in the decryption of a whole SSL session (possibly previously recorded). For the attack to work the attacker has to perform a large number of erroneous requests to the SSL server.