Clavister Information for VU#997481
Cryptographic libraries and applications do not adequately defend against timing attacks
Clavister Firewall: Not vulnerable
Clavister VPN Client: Not vulnerable
None of Clavister's products incorporate SSL/TLS servers. We do however implement IKE. The IKE specification incorporates a mode where the Brumley/Boneh timing attack applies: IKE with RSA encryption. No Clavister products support this mode; only RSA signatures, which is not vulnerable to this attack.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.