TLS 1.3 Vulnerable to Intercepting Encrypted Traffic

Researchers from multiple universities and groups have discovered a TLS 1.3 vulnerability that could allow a threat actor to intercept encrypted traffic and steal data. The potential attack on the latest version of the TLS protocol breaks confidentiality, and it is a variation of the original Bleichenbacher oracle attack, which performs RSA decryption and signs operations with the private key of a TLS server. The NJCCIC recommends patching systems as updates become available. More technical details on the TLS 1.3 vulnerability can be found in the research paper and the SC Media blog post.

AdvisoryNJCCICTLS