CVE-2023-45287 Overview
CVE-2023-45287 is a timing side-channel vulnerability affecting RSA-based TLS key exchange in Go versions prior to 1.20. The vulnerability stems from the math/big library not providing constant-time arithmetic, which allows an attacker to extract session key information through precise timing measurements of TLS handshakes.
Critical Impact
Attackers may recover TLS session key bits through timing analysis, potentially compromising the confidentiality of encrypted communications in applications using affected Go versions.
Affected Products
- Golang Go versions prior to 1.20
- Applications using the crypto/tls library with RSA key exchange
- Systems relying on RSA-based TLS connections built with vulnerable Go versions
Discovery Timeline
- 2023-12-05 - CVE-2023-45287 published to NVD
- 2024-11-21 - Last updated in NVD database
Technical Details for CVE-2023-45287
Vulnerability Analysis
This vulnerability is classified as a Timing Attack (CWE-203: Observable Discrepancy). The core issue lies in Go's implementation of RSA operations within TLS key exchanges prior to version 1.20. While RSA blinding was implemented as a countermeasure against timing attacks, subsequent analysis revealed that the protection was incomplete.
The vulnerability specifically affects PKCS#1 v1.5 padding removal during RSA decryption. Because the math/big library operations are not constant-time, the time taken to process different ciphertext values can vary measurably. This timing variance leaks information about the private key operation, which an attacker positioned on the network could exploit to gradually recover session key bits.
This vulnerability is related to the broader class of Marvin attacks, which target RSA PKCS#1 v1.5 implementations that exhibit timing side channels. For additional context on this attack class, see the Red Hat Marvin Project Page.
Root Cause
The root cause is the use of the math/big library for RSA operations in the crypto/tls package. This library was not designed to provide constant-time guarantees, making it unsuitable for cryptographic operations where timing consistency is essential. Specifically, the variable-time behavior during PKCS#1 v1.5 padding removal creates an observable timing discrepancy that can be exploited by attackers.
Attack Vector
The attack is network-based and requires no authentication or user interaction. An attacker must be able to observe and measure the timing of TLS handshakes with a vulnerable server or client. By performing many connection attempts and statistically analyzing the response times, an attacker could potentially extract information about session keys.
The attack scenario involves:
- An attacker initiates multiple TLS connections to a target server using RSA key exchange
- Precise timing measurements are collected for each handshake
- Statistical analysis of timing variations reveals information about the RSA decryption process
- Over many iterations, session key bits can potentially be recovered
For technical discussion of the underlying implementation issue, refer to the Go.dev Issue 20654 Discussion.
Detection Methods for CVE-2023-45287
Indicators of Compromise
- Unusual patterns of repeated TLS connection attempts from single sources targeting RSA-based cipher suites
- High volume of incomplete or rapidly-terminated TLS handshakes from specific IP addresses
- Network traffic analysis revealing statistical probing patterns characteristic of timing attacks
- Anomalous TLS negotiation patterns favoring RSA key exchange over ECDHE alternatives
Detection Strategies
- Implement TLS connection logging to identify unusual handshake patterns and repeated connection attempts
- Deploy network monitoring to detect high-frequency connection attempts that may indicate timing analysis
- Use application dependency scanning tools to identify Go applications built with versions prior to 1.20
- Monitor for cipher suite negotiation anomalies that specifically request RSA key exchange
Monitoring Recommendations
- Enable detailed TLS handshake logging on servers handling sensitive communications
- Configure alerting for abnormal TLS connection rates from individual sources
- Implement Software Bill of Materials (SBOM) tracking to identify affected applications across the environment
- Review TLS configuration to ensure RSA key exchange is disabled where possible
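The detection and monitoring items above call for TLS handshake logging and alerting on abnormal connection rates from individual sources. The following Go program is an added example, not part of the original advisory: it parses a constructed key=value handshake log format (timestamp, src, cipher, ok), keeps only handshakes that negotiated a static RSA key exchange suite (name prefix TLS_RSA_WITH_; ECDHE_RSA suites use RSA only for authentication and are not affected), and flags any source whose RSA-key-exchange handshakes within a sliding window reach a threshold. The log format, the function names and the sample addresses (from the 203.0.113.0/24 and 198.51.100.0/24 documentation ranges) are assumptions for this example; adapt parseLine to what your server or proxy actually emits.

```go
package main

import (
	"fmt"
	"sort"
	"strconv"
	"strings"
	"time"
)

// HandshakeEvent is one parsed TLS handshake record.
type HandshakeEvent struct {
	Time    time.Time
	Source  string
	Cipher  string
	Success bool
}

// parseLine parses a constructed log line of the form
//   2024-01-15T10:00:01Z src=203.0.113.5 cipher=TLS_RSA_WITH_AES_128_GCM_SHA256 ok=false
// The format is an assumption for this example.
func parseLine(line string) (HandshakeEvent, error) {
	fields := strings.Fields(line)
	if len(fields) < 2 {
		return HandshakeEvent{}, fmt.Errorf("malformed line: %q", line)
	}
	ts, err := time.Parse(time.RFC3339, fields[0])
	if err != nil {
		return HandshakeEvent{}, err
	}
	ev := HandshakeEvent{Time: ts}
	for _, kv := range fields[1:] {
		k, v, ok := strings.Cut(kv, "=")
		if !ok {
			continue
		}
		switch k {
		case "src":
			ev.Source = v
		case "cipher":
			ev.Cipher = v
		case "ok":
			ev.Success, _ = strconv.ParseBool(v)
		}
	}
	return ev, nil
}

// IsRSAKeyExchange reports whether a cipher suite name uses static RSA key
// exchange, the suites exposed to CVE-2023-45287. TLS_ECDHE_RSA_* suites are
// not matched: there RSA only signs, it does not transport the premaster secret.
func IsRSAKeyExchange(cipher string) bool {
	return strings.HasPrefix(cipher, "TLS_RSA_WITH_")
}

// Alert describes a source whose RSA-key-exchange handshake rate crossed the threshold.
type Alert struct {
	Source   string // client address
	RSACount int    // peak number of RSA-kex handshakes seen inside one window
	Failed   int    // RSA-kex handshakes from this source that did not complete
}

// FindTimingProbes groups RSA-key-exchange handshakes by source, finds the peak
// number inside any window-long interval, and returns the sources at or above
// threshold, sorted by address. Malformed lines and ECDHE handshakes are skipped.
func FindTimingProbes(lines []string, window time.Duration, threshold int) []Alert {
	bySource := map[string][]HandshakeEvent{}
	for _, line := range lines {
		ev, err := parseLine(line)
		if err != nil || !IsRSAKeyExchange(ev.Cipher) {
			continue
		}
		bySource[ev.Source] = append(bySource[ev.Source], ev)
	}
	var alerts []Alert
	for src, evs := range bySource {
		sort.Slice(evs, func(i, j int) bool { return evs[i].Time.Before(evs[j].Time) })
		peak, failed, lo := 0, 0, 0
		for hi := range evs {
			if !evs[hi].Success {
				failed++
			}
			// Advance the window start until events lo..hi fit inside the window.
			for evs[hi].Time.Sub(evs[lo].Time) > window {
				lo++
			}
			if n := hi - lo + 1; n > peak {
				peak = n
			}
		}
		if peak >= threshold {
			alerts = append(alerts, Alert{Source: src, RSACount: peak, Failed: failed})
		}
	}
	sort.Slice(alerts, func(i, j int) bool { return alerts[i].Source < alerts[j].Source })
	return alerts
}

// SampleLog is constructed input: one source hammering RSA key exchange, one
// ECDHE-only client, one single RSA handshake, one slow trickle of RSA handshakes
// (five over forty minutes, which a one-minute window must not flag), and one garbage line.
var SampleLog = []string{
	"2024-01-15T10:00:01Z src=203.0.113.5 cipher=TLS_RSA_WITH_AES_128_GCM_SHA256 ok=false",
	"2024-01-15T10:00:02Z src=203.0.113.5 cipher=TLS_RSA_WITH_AES_128_GCM_SHA256 ok=false",
	"2024-01-15T10:00:02Z src=198.51.100.7 cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 ok=true",
	"2024-01-15T10:00:03Z src=203.0.113.5 cipher=TLS_RSA_WITH_AES_256_GCM_SHA384 ok=false",
	"2024-01-15T10:00:04Z src=203.0.113.5 cipher=TLS_RSA_WITH_AES_128_GCM_SHA256 ok=true",
	"2024-01-15T10:00:05Z src=203.0.113.5 cipher=TLS_RSA_WITH_AES_128_GCM_SHA256 ok=false",
	"2024-01-15T10:00:06Z src=203.0.113.5 cipher=TLS_RSA_WITH_AES_128_GCM_SHA256 ok=true",
	"2024-01-15T10:00:07Z src=203.0.113.9 cipher=TLS_RSA_WITH_AES_128_GCM_SHA256 ok=true",
	"garbage line",
	"2024-01-15T10:00:08Z src=198.51.100.7 cipher=TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 ok=true",
	"2024-01-15T10:00:00Z src=203.0.113.20 cipher=TLS_RSA_WITH_AES_128_GCM_SHA256 ok=true",
	"2024-01-15T10:10:00Z src=203.0.113.20 cipher=TLS_RSA_WITH_AES_128_GCM_SHA256 ok=true",
	"2024-01-15T10:20:00Z src=203.0.113.20 cipher=TLS_RSA_WITH_AES_128_GCM_SHA256 ok=true",
	"2024-01-15T10:30:00Z src=203.0.113.20 cipher=TLS_RSA_WITH_AES_128_GCM_SHA256 ok=true",
	"2024-01-15T10:40:00Z src=203.0.113.20 cipher=TLS_RSA_WITH_AES_128_GCM_SHA256 ok=true",
}

func main() {
	for _, a := range FindTimingProbes(SampleLog, time.Minute, 5) {
		fmt.Printf("ALERT src=%s rsa_kex_handshakes_in_window=%d failed=%d\n", a.Source, a.RSACount, a.Failed)
	}
}
```

The window/threshold pair is the tuning knob: a timing attack of this class needs many handshakes against the same RSA key, so a burst of RSA-key-exchange handshakes from one address, especially with a high failure ratio, is the pattern worth paging on, while the same count spread over an hour is ordinary legacy-client traffic.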
How to Mitigate CVE-2023-45287
Immediate Actions Required
- Upgrade all Go-based applications to Go version 1.20 or later, which implements fully constant-time RSA operations
- Audit deployed applications and services to identify those using vulnerable Go versions
- Configure TLS settings to prefer ECDHE-based key exchanges over RSA where immediate patching is not possible
- Review and update Go module dependencies to ensure transitive dependencies are also updated
Patch Information
The vulnerability is addressed in Go 1.20 and later versions. The crypto/tls library was rewritten to use a fully constant-time RSA implementation that eliminates observable timing variations. For detailed information about the fix, see the Go.dev Vulnerability Report GO-2023-2375 and the Go.dev CL 326012 Update.
Additional vendor advisories include:
Workarounds
- Disable RSA key exchange cipher suites in TLS configuration if upgrading Go is not immediately feasible
- Configure servers to prefer ECDHE-based cipher suites which are not affected by this vulnerability
- Implement network-level rate limiting to reduce the effectiveness of timing-based attacks
- Deploy TLS termination proxies running patched software in front of vulnerable applications
# Example: TLS configuration to disable RSA key exchange (application-specific)
# For Go applications, configure the tls.Config to exclude RSA key exchange cipher suites
# Prefer cipher suites using ECDHE key exchange:
# TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
# TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
# TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
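The comment block above names the cipher suites to prefer. The following Go code is an added example, not part of the original advisory or of the Go project: HardenedConfig builds a tls.Config that cannot negotiate static RSA key exchange (TLS 1.3 has no RSA key exchange at all, and the explicit TLS 1.2 list is ECDHE-only), RSAKeyExchangeSuites audits an explicit cipher suite list for static RSA suites using the real tls.CipherSuiteName function, and BuiltBeforeGo120 checks a runtime.Version() string against the 1.20 threshold the advisory gives. The function names are mine; a nil CipherSuites slice means Go's package defaults apply, which this checker deliberately does not interpret.

```go
package main

import (
	"crypto/tls"
	"fmt"
	"runtime"
	"strings"
)

// RSAKeyExchangeSuites returns the names of the suites in ids that use static RSA
// key exchange (name prefix TLS_RSA_WITH_), the suites exposed to CVE-2023-45287.
// TLS_ECDHE_RSA_* suites use RSA only for the signature and are not reported.
// Pass cfg.CipherSuites; a nil slice means package defaults and yields no names,
// so treat "no explicit list" as its own audit finding.
func RSAKeyExchangeSuites(ids []uint16) []string {
	var names []string
	for _, id := range ids {
		name := tls.CipherSuiteName(id) // real crypto/tls helper, returns "0xNNNN" for unknown ids
		if strings.HasPrefix(name, "TLS_RSA_WITH_") {
			names = append(names, name)
		}
	}
	return names
}

// HardenedConfig returns a server configuration with only ECDHE suites for TLS 1.2.
// TLS 1.3 suites are not configurable in Go and never use RSA key exchange.
func HardenedConfig() *tls.Config {
	return &tls.Config{
		MinVersion: tls.VersionTLS12,
		CipherSuites: []uint16{
			tls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
			tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
			tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
			tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
			tls.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
			tls.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,
		},
	}
}

// BuiltBeforeGo120 parses a version string such as "go1.19.13" and reports whether
// it predates Go 1.20, the release the advisory names as carrying the fix.
// Strings it cannot parse (e.g. "devel ...") return an error so they get reviewed by hand.
func BuiltBeforeGo120(v string) (bool, error) {
	var major, minor int
	if _, err := fmt.Sscanf(v, "go%d.%d", &major, &minor); err != nil {
		return false, fmt.Errorf("unrecognised Go version %q: %w", v, err)
	}
	return major < 1 || (major == 1 && minor < 20), nil
}

func main() {
	cfg := HardenedConfig()
	fmt.Println("static RSA suites in hardened config:", RSAKeyExchangeSuites(cfg.CipherSuites))

	// Constructed legacy list mixing an affected suite with an unaffected ECDHE_RSA one.
	legacy := []uint16{tls.TLS_RSA_WITH_AES_128_GCM_SHA256, tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256}
	fmt.Println("static RSA suites in legacy list:", RSAKeyExchangeSuites(legacy))

	old, err := BuiltBeforeGo120(runtime.Version())
	fmt.Printf("this binary (%s) built before Go 1.20: %v (err=%v)\n", runtime.Version(), old, err)
}
```

The version check only covers the binary it runs in; for the fleet-wide audit the advisory recommends, feed the same function the Go version recorded in each binary's build info (go version -m, or debug.ReadBuildInfo in-process) rather than the version of the auditing tool.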
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.