BIG-IP platforms with Cavium Nitrox SSL hardware acceleration cards may be vulnerable to crafted SSL/Transport Layer Security (TLS) handshakes when a virtual server is configured with a Client SSL profile that uses Anonymous Diffie-Hellman (ADH) or Ephemeral Diffie-Hellman (DHE) key exchange and the Single DH use option is not enabled in the options list. Such handshakes may result in a pre-master secret (PMS) that starts with a 0 byte and may lead to recovery of plaintext messages, because BIG-IP TLS/SSL ADH/DHE sends different error messages, acting as an oracle. Differences in processing time when the PMS starts with a 0 byte, coupled with very precise timing measurement, may also expose this vulnerability. (CVE-2020-5929)
Impact
Exploiting this vulnerability requires multiple crafted SSL/TLS handshakes to the vulnerable BIG-IP virtual server. This vulnerability may make it possible to recover the shared secret of past sessions and perform plaintext recovery of encrypted messages. Only SSL/TLS sessions established using cipher suites that use ADH or DHE key exchange are vulnerable to this attack. Captured SSL/TLS sessions encrypted with cipher suites using the RSA key exchange are not at risk for subsequent decryption due to this vulnerability.
This vulnerability affects BIG-IP systems with virtual servers associated with a Client SSL profile and only if all of the following conditions are met:
Note: DHE is enabled by default in the DEFAULT cipher suite. ADH is not available in the DEFAULT cipher suite.
Note: The Single DH use option is not enabled by default in the Client SSL profile options list.
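A triage check for the conditions above, as an added example that is not F5's code. It scans constructed text in the style of `tmsh list ltm profile client-ssl` output; the profile names, the `single-dh-use` option token, the fallback to DEFAULT and the cipher-string heuristic are assumptions, and the hardware condition is supplied by the caller.

```python
import re

# Constructed sample in the style of `tmsh list ltm profile client-ssl` output.
# Profile names, field layout and the option token are assumptions.
SAMPLE = """\
ltm profile client-ssl /Common/web_default {
    ciphers DEFAULT
    options { dont-insert-empty-fragments }
}
ltm profile client-ssl /Common/web_single_dh {
    ciphers DEFAULT
    options { dont-insert-empty-fragments single-dh-use }
}
ltm profile client-ssl /Common/web_no_dhe {
    ciphers DEFAULT:!DHE
    options { dont-insert-empty-fragments }
}
ltm profile client-ssl /Common/legacy_adh {
    ciphers ADH
    options { dont-insert-empty-fragments }
}
"""
PROFILE_RE = re.compile(r"ltm profile client-ssl (\S+) \{\n(.*?)\n\}", re.S)

def dh_exposed(cipher_string):
    """Conservative heuristic: could this string select DHE or ADH suites?"""
    tokens = [t.upper() for t in re.split(r"[:\s]+", cipher_string) if t]
    # Only '!' is treated as a removal; '-' can be undone by a later token.
    banned = {t[1:] for t in tokens if t.startswith("!")}
    added = [t.lstrip("+") for t in tokens if t[0] not in "!-"]
    # Per the advisory, DEFAULT includes DHE but not ADH. ECDHE is not DHE.
    dhe = not banned & {"DHE", "EDH"} and any(
        t == "DEFAULT" or re.search(r"(?<!EC)(DHE|EDH)", t) for t in added)
    adh = "ADH" not in banned and any("ADH" in t for t in added)
    return bool(dhe or adh)

def audit(config_text, has_nitrox):
    """Return Client SSL profiles meeting all of the advisory's conditions."""
    findings = []
    for name, body in PROFILE_RE.findall(config_text):
        ciphers = re.search(r"^\s*ciphers\s+(.+)$", body, re.M)
        options = re.search(r"^\s*options\s+\{([^}]*)\}", body, re.M)
        # Assumption: a profile that lists no ciphers uses DEFAULT.
        cipher_string = ciphers.group(1).strip() if ciphers else "DEFAULT"
        opts = options.group(1).split() if options else []
        if has_nitrox and dh_exposed(cipher_string) and "single-dh-use" not in opts:
            findings.append(name)
    return findings
```

Treat a hit as a candidate only, and confirm it against the cipher list the device actually expands for that profile.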