FAQ
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
New Article

VA scan shows LUCKY13 Vulnerability for our Managed component

LucaG
Dynatrace Participant
Dynatrace Participant

on ‎17 Apr 2024 04:11 PM - edited on ‎17 Apr 2024 04:12 PM by Dynatrace Leader

Self Service Summary

Some customers have detected exposure to the "LUCKY13 Vulnerability attack" in their VA scans for our Managed component.
Also known as CVE-2013-0169, this vulnerability has been analyzed and fixed.

We are not affected, there is no risk that the “Lucky13” can be exploited on our systems.

 

Issue Solution Tasks Alternative(s)
LUCKY13 Vulnerability attack We are not affected. Check below information and explain it to your Security Team

The implementations used by Dynatrace are all up to date and contain the corresponding patches.

Please submit a Support ticket if you have additional questions or concerns.

 

The use of cipher suites for TLS that operate in CBC mode can be considered an issue if the underlying implementation is not protected against this kind of attack.

The “Lucky13” timing attack was found in 2013 and, as also stated in NVD - CVE-2013-0169, has since been mitigated in several libraries like: OpenSSL, PolarSSL, Mozilla NSS, gnuTLS, BouncyCastle, and basically all other industry-relevant libraries used for cryptographic purposes.

Version history
Last update:
‎17 Apr 2024 04:12 PM
Updated by:
Dynatrace Leader