Inadequate Encryption Strength
tlslite-ng is an open source Python library that implements the SSL and TLS cryptographic protocols. In tlslite-ng, the code that performs decryption and the padding check in RSA PKCS#1 v1.5 decryption is data dependent. In particular, the code has multiple ways in which it leaks information about the decrypted ciphertext. It aborts as soon as the plaintext does not start with All TLS servers that enable RSA key exchange as well as …
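The data dependence described above, as an added example that is not tlslite-ng's code: an early-abort PKCS#1 v1.5 unpadding check next to one that inspects the same number of bytes for every input and substitutes a pre-generated fallback on failure. The block layout `0x00 0x02 || PS || 0x00 || M` is taken from RFC 8017; the function names, the toy 64-byte block and the use of "bytes inspected" as a stand-in for timing are assumptions of this sketch. Python gives no constant-time guarantee, so the second function shows the structure of the fix, not a hardened implementation.

```python
import secrets

PMS_LEN = 48  # TLS premaster secret length


def unpad_early_abort(em: bytes):
    """Data-dependent check. Returns (message or None, bytes inspected)."""
    if em[0] != 0x00:
        return None, 1
    if em[1] != 0x02:
        return None, 2
    for i in range(2, len(em)):
        if em[i] == 0x00:
            if i < 10:  # padding string must be at least 8 bytes
                return None, i + 1
            return em[i + 1:], i + 1
    return None, len(em)


def unpad_uniform(em: bytes, fallback: bytes, msg_len: int = PMS_LEN):
    """Same work for every input. Returns (message or fallback, bytes inspected)."""
    if len(fallback) != msg_len or len(em) < msg_len + 11:
        raise ValueError("bad public lengths")  # lengths are not secret
    sep = len(em) - msg_len - 1  # only position where the 0x00 separator may sit
    bad = em[0] | (em[1] ^ 0x02) | em[sep]
    inspected = 3
    for b in em[2:sep]:
        bad |= ((b - 1) >> 8) & 1  # 1 when a padding byte is zero, no branch
        inspected += 1
    mask = -(bad != 0) & 0xFF  # 0xFF selects the fallback, 0x00 the message
    body = em[sep + 1:]
    out = bytes((m & ~mask) | (f & mask) for m, f in zip(body, fallback))
    return out, inspected


def build_block(msg: bytes, size: int = 64) -> bytes:
    """Constructed sample: a toy 64-byte block standing in for a decrypted RSA value."""
    return b"\x00\x02" + b"\xAA" * (size - len(msg) - 3) + b"\x00" + msg


def inspected_counts(fallback: bytes):
    """Bytes inspected by each check for one valid and three malformed blocks."""
    good = build_block(b"K" * PMS_LEN)
    samples = [good, b"\x01" + good[1:], b"\x00\x03" + good[2:],
               good[:5] + b"\x00" + good[6:]]
    return ([unpad_early_abort(s)[1] for s in samples],
            [unpad_uniform(s, fallback)[1] for s in samples])


if __name__ == "__main__":
    print(inspected_counts(secrets.token_bytes(PMS_LEN)))
```

The early-abort check does a different amount of work for each malformed block, which is the kind of signal the description refers to; the uniform check does identical work and never returns a distinguishable error, so the caller continues the handshake with the fallback value.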