### [CVE-2023-4421](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4421)
![](https://img.shields.io/static/v1?label=Product&message=NSS&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=unspecified%3C%203.61%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=Timing%20side-channel%20in%20PKCS%231%20v1.5%20decryption%20depadding%20code&color=brighgreen)

### Description

The NSS code used for checking PKCS#1 v1.5 was leaking information useful in mounting Bleichenbacher-like attacks. Both the overall correctness of the padding as well as the length of the encrypted message was leaking through timing side-channel. By sending large number of attacker-selected ciphertexts, the attacker would be able to decrypt a previously intercepted PKCS#1 v1.5 ciphertext (for example, to decrypt a TLS session that used RSA key exchange), or forge a signature using the victim's key. The issue was fixed by implementing the implicit rejection algorithm, in which the NSS returns a deterministic random message in case invalid padding is detected, as proposed in the Marvin Attack paper. This vulnerability affects NSS < 3.61.

### POC

#### Reference
No PoCs from references.

#### Github
- https://github.com/alexcowperthwaite/PasskeyScanner