Severity
Low
Advisory
When Opera receives incorrectly encrypted network data, Opera will detect this, and let the sender know that the data was not understood. Such encrypted error responses are marginally faster than regular responses. An attacker with access to the network, can by replacing network data measure Opera’s response speed, and deduce the content. By trial and error, entire strings may be read.
Network and system stability will have a significant effect on the detection rate, in most cases making reading of data prohibitive.
Opera’s response
Opera Software has released Opera 12.13, where this issue has been fixed.
Credits
Thanks to Nadhem AlFardan and Kenny Paterson, Royal Holloway, University of London, for reporting this issue to us.