CacheBleed: A Timing Attack on OpenSSL Constant Time RSA

[matsukan]

 

https://ssrg.nicta.com.au/projects/TS/cachebleed/

OpenSSL has classified this vulnerability as "low severity", which we agree with. In order to mount the attack, the attacker has to be able to run the attack code on the same machine that runs the victim code. CacheBleed is a complex attack and there are much easier-to-exploit vulnerabilities in personal computers that it is unlikely that anyone would use CacheBleed in such an environment.