Lucky Thirteen attack against implementations of the Transport Layer Security

Jijith Rajan
Published on
19 Jun 2022
1 min read

The Lucky Thirteen attack is a famous and one of the dangerous cryptographic timing attack. This attack is used against implementations of the Transport Layer Security (TLS) protocol that uses the CBC (Cipher Block Chaining) mode of operation. The server has a vulnerability that may cause Lucky Thirteen attack against implementations of the Transport Layer Security protocol. This may result in loss of sensitive information. An attacker can perform an attack on the MAC check during the processing of malformed CBC padding. This vulnerability allows an attacker to execute a plaintext-recovery attack using the statistical analysis of the packet’s timing data. This vulnerability is known as “Lucky Thirteen” attack. The TLS 1.1 and 1.2 are used in OpenSSL, OpenJDK, PolarSSL and so on. This attack is also possible on SSL 3.0 and TLS 1.0. It is impossible to find if a vulnerable version is active at the endpoint. Thus, all the SSL running CBC cipher were flagged as a potential vulnerability.


An attacker can steal sensitive information using the man in the middle attack. The man in the middle attack is used to sniff the communication. The sniffing process will leak information from the communication channel. The information might include usernames, passwords and so on.

Mitigation / Precaution

Beagle recommends the following impacts:-

  • It is best to disable TLS
  • Upgrade the OpenSSL version.
  • Remove all cipher block chaining ciphers.
  • Try to disable SSL-disable-CBC-ciphers.
Automated human-like penetration testing for your web apps & APIs
Teams using Beagle Security are set up in minutes, embrace release-based CI/CD security testing and save up to 65% with timely remediation of vulnerabilities. Sign up for a free account to see what it can do for you.

Written by
Jijith Rajan
Jijith Rajan
Cyber Security Engineer
Find website security issues in a flash
Improve your website's security posture with proactive vulnerability detection.
Free website security assessment