Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2016-2107 PoC — OpenSSL AES-NI实现安全漏洞

Source
https://github.com/FiloSottile/CVE-2016-2107
Associated Vulnerability
Title:OpenSSL AES-NI实现安全漏洞 (CVE-2016-2107)
Description:OpenSSL是OpenSSL团队开发的一个开源的能够实现安全套接层(SSL v2/v3)和安全传输层(TLS v1)协议的通用加密库,它支持多种加密算法,包括对称密码、哈希算法、安全散列算法等。 OpenSSL 1.0.1t之前版本和1.0.2h之前1.0.2版本的AES-NI实现过程中存在安全漏洞,该漏洞源于程序在进行填充检查时没有考虑内存分配。远程攻击者可通过向AES CBC会话实施padding-oracle攻击利用该漏洞获取敏感的明文信息。(注:该漏洞源于CNNVD-201302-133补丁的不
Description
Simple test for the May 2016 OpenSSL padding oracle (CVE-2016-2107)
Readme
# CVE-2016-2107
Simple test for the May 2016 OpenSSL padding oracle (CVE-2016-2107)

## Installation

```
$ go version
go version go1.6.2 darwin/amd64
$ go get github.com/FiloSottile/CVE-2016-2107
```

This tool only builds with Go 1.6+, and only when downloaded to the right position in the $GOPATH.

## Usage

```
$ CVE-2016-2107 filippo.io
2016/05/03 17:50:49 Vulnerable: false
```
File Snapshot

 [4.0K]  /data/pocs/8014148aa664097855086b2aa6f650ab71252650
├── [1.1K]  LICENSE
├── [4.0K]  LuckyMinus20
│   ├── [1.3K]  CVE-2016-2107.go
│   ├── [ 805]  tls.patch
│   └── [4.0K]  vendor
│       └── [4.0K]  crypto
│           └── [4.0K]  tls
│               ├── [2.6K]  alert.go
│               ├── [ 10K]  cipher_suites.go
│               ├── [ 22K]  common.go
│               ├── [ 30K]  conn.go
│               ├── [ 18K]  handshake_client.go
│               ├── [ 31K]  handshake_messages.go
│               ├── [ 21K]  handshake_server.go
│               ├── [ 12K]  key_agreement.go
│               ├── [1.4K]  LICENSE
│               ├── [ 11K]  prf.go
│               ├── [4.7K]  ticket.go
│               └── [9.4K]  tls.go
├── [ 248]  main.go
├── [ 385]  README.md
└── [4.0K]  server
    └── [1.0K]  main.go

5 directories, 18 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).
    3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.