OpenSSL ChaCha20-Poly1305 AEAD Cipher Long Nonce Vulnerability



A vulnerability in OpenSSL could allow an unauthenticated, remote attacker to conduct a cryptographic attack against a targeted system.

The vulnerability exists because the ChaCha20-Poly1305 Authenticated Encryption with Associated Data (AEAD) cipher used by the affected software could allow a long nonce to be used during an encryption operation. An attacker could exploit this vulnerability by sending a request that submits malicious input to the targeted system. A successful exploit could allow the attacker to conduct an attack that could impact the integrity and confidentiality of the affected application.
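Added example, not part of the Cisco alert or OpenSSL's code: a Python audit of nonces an application passed to ChaCha20-Poly1305, flagging any that are not the 12 bytes RFC 7539 specifies and any that collapse to the same effective nonce under one key. It assumes the behaviour OpenSSL's advisory for this CVE describes (nonces of up to 16 bytes accepted with only the last 12 significant, shorter ones front-padded with zeros); the function names, key ids and sample records are constructed for illustration.

```python
from collections import defaultdict

RFC_NONCE_LEN = 12     # nonce size RFC 7539 specifies, in bytes
MAX_ACCEPTED_LEN = 16  # longest nonce the affected code accepted (assumption from the advisory)


def effective_nonce(nonce: bytes) -> bytes:
    """Return the 12 bytes that actually reach the cipher on an affected build."""
    if not 1 <= len(nonce) <= MAX_ACCEPTED_LEN:
        raise ValueError("nonce length outside 1..16 bytes is rejected")
    if len(nonce) >= RFC_NONCE_LEN:
        return nonce[-RFC_NONCE_LEN:]           # leading bytes are silently ignored
    return nonce.rjust(RFC_NONCE_LEN, b"\x00")  # short nonce is front-padded with zeros


def audit_nonces(records):
    """records: iterable of (key_id, nonce) pairs.

    Returns (bad_lengths, reuse):
      bad_lengths - records whose nonce is not exactly 12 bytes
      reuse       - {(key_id, effective_nonce): [caller nonces]} for every
                    effective nonce used more than once under the same key
    """
    bad_lengths = []
    seen = defaultdict(list)
    for key_id, nonce in records:
        if len(nonce) != RFC_NONCE_LEN:
            bad_lengths.append((key_id, nonce))
        try:
            seen[(key_id, effective_nonce(nonce))].append(nonce)
        except ValueError:
            continue  # the library would refuse this nonce, so no encryption happened
    reuse = {k: v for k, v in seen.items() if len(v) > 1}
    return bad_lengths, reuse


# Constructed sample records (key id, nonce the application supplied).
TAIL = "000000000000000000000002"
SAMPLE = [
    ("k1", bytes.fromhex("000000000000000000000001")),  # 12 bytes, compliant
    ("k1", bytes.fromhex("aaaaaaaa" + TAIL)),           # 16 bytes, unique to the caller
    ("k1", bytes.fromhex("bbbbbbbb" + TAIL)),           # 16 bytes, same last 12 bytes
    ("k1", bytes.fromhex("03")),                        # 1 byte, front-padded
    ("k2", bytes.fromhex(TAIL)),                        # different key, no collision
]

if __name__ == "__main__":
    bad, reuse = audit_nonces(SAMPLE)
    print(f"{len(bad)} nonce(s) with non-RFC length")
    for (key_id, eff), nonces in reuse.items():
        print(f"key {key_id}: {len(nonces)} uses of effective nonce {eff.hex()}")
```

Any entry in `reuse` means two encryptions under one key shared a nonce, which is the condition the alert's integrity and confidentiality impact refers to; entries in `bad_lengths` identify callers to fix even after upgrading.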

OpenSSL has confirmed the vulnerability and released software updates.

Security Impact Rating: High

CVE: CVE-2019-1543

Source: Cisco Multivendor Vulnerability Alerts