- Update to 18.3.4.7:
* ssl: An erlang TLS server configured with cipher suites using
rsa key exchange, may be vulnerable to ani Adaptive Chosen
Ciphertext attack (AKA Bleichenbacheri attack) against RSA,
which when exploited, may resulti in plaintext recovery of
encrypted messages and/or ai Man-in-the-middle (MiTM) attack,
despite the attackeri not having gained access to the server’s
private key itself. CVE-2017-1000385
Exploiting this vulnerability to perform plaintext recovery of
encrypted messages will, in most practical cases, allow an
attacker to read the plaintext only after the session has
completed. Only TLS sessions established using RSA key exchange
are vulnerable to this attack.
Exploiting this vulnerability to conduct a MiTM attack requires
the attacker to complete the initial attack, which may require
thousands of server requests, during the handshake phase of the
targeted session within the window of the configured handshake
timeout. This attack may be conducted against any TLS session
using RSA signatures, but only if cipher suites using RSA key
exchange are also enabled on the server. The limited window of
opportunity, limitations in bandwidth, and latency make this
attack significantly more difficult to execute.
RSA key exchange is enabled by default although least
prioritized if server order is honored. For such a cipher suite
to be chosen it must also be supported by the client and
probably the only shared cipher suite.
Captured TLS sessions encrypted with ephemeral cipher suites
(DHE or ECDHE) are not at risk for subsequent decryption due to
this vulnerability.