cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
LucaG
Dynatrace Participant
Dynatrace Participant

Self Service Summary

Some customers have detected exposure to the "LUCKY13 Vulnerability attack" in their VA scans for our Managed component.
Also known as CVE-2013-0169, this vulnerability has been analyzed and fixed.

We are not affected, there is no risk that the “Lucky13” can be exploited on our systems.

 

Issue Solution Tasks Alternative(s)
LUCKY13 Vulnerability attack We are not affected. Check below information and explain it to your Security Team

The implementations used by Dynatrace are all up to date and contain the corresponding patches.

Please submit a Support ticket if you have additional questions or concerns.

 

The use of cipher suites for TLS that operate in CBC mode can be considered an issue if the underlying implementation is not protected against this kind of attack.

The “Lucky13” timing attack was found in 2013 and, as also stated in NVD - CVE-2013-0169, has since been mitigated in several libraries like: OpenSSL, PolarSSL, Mozilla NSS, gnuTLS, BouncyCastle, and basically all other industry-relevant libraries used for cryptographic purposes.

Version history
Last update:
‎17 Apr 2024 04:12 PM
Updated by: