Clarify attribution for the Bleichenbacher's Cat fix

2018-12-01 22:43:08 +00:00 · 2018-12-01 22:43:08 +00:00 · fabc6001ff
commit fabc6001ff
parent 51b8a2fa87
1 changed files with 5 additions and 2 deletions
--- a/7
+++ b/7
@ -7,8 +7,11 @@ Security
     decryption that could lead to a Bleichenbacher-style padding oracle
     attack. In TLS, this affects servers that accept ciphersuites based on
     RSA decryption (i.e. ciphersuites whose name contains RSA but not
-     (EC)DH(E)). Reported by Eyal Ronen, Robert Gillham, Daniel Genkin, Adi
-     Shamir, David Wong and Yuval Yarom. CVE-2018-19608
+     (EC)DH(E)). Discovered by Eyal Ronen (Weizmann Institute),  Robert Gillham
+     (University of Adelaide), Daniel Genkin (University of Michigan),
+     Adi Shamir (Weizmann Institute), David Wong (NCC Group), and Yuval Yarom
+     (University of Adelaide, Data61). The attack is described in more detail
+     in the paper available here: http://cat.eyalro.net/cat.pdf  CVE-2018-19608
   * In mbedtls_mpi_write_binary(), don't leak the exact size of the number
     via branching and memory access patterns. An attacker who could submit
     a plaintext for RSA PKCS#1 v1.5 decryption but only observe the timing