Clavister Information for VU#997481

Cryptographic libraries and applications do not adequately defend against timing attacks


Not Affected

Vendor Statement

Clavister Firewall: Not vulnerable

Clavister VPN Client: Not vulnerable

None of Clavister's products incorporate SSL/TLS servers. We do however implement IKE. The IKE specification incorporates a mode where the Brumley/Boneh timing attack applies: IKE with RSA encryption. No Clavister products support this mode; only RSA signatures, which is not vulnerable to this attack.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Vendor References



The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.