• |

December 12, 2017

About A10 PSIRT Team

The A10 SERT Team is A10 Networks' Security Engineering Research Team.

All posts by the Author

December 12, 2017

10 With A10: 10 Security Predictions for 2018

In the 1970s, the Amazing Kreskin wowed audiences with his uncanny ability to see the future. Using suggestion, he’d make predictions. While Kreskin would stop short of calling himself a psychic – instead choosing to be considered an entertainer – his predictions often came true. Today, we’re going to do our best Kreskin impression and…

February 9, 2017

HTTPS Interception and the Truth About Thunder SSLi Cipher Support

The A10 Networks Security Engineering Research Team recently reviewed the paper titled, “The Security Impact of HTTPS Interception,” which examines and grades the “security of TLS interception middleboxes,” including A10 Networks Thunder SSL Insight (SSLi). Unfortunately, the authors of the report did not contact us for guidance on the appropriate configuration for their testing requirements.…

September 23, 2016

Patch Available for CVE-2014-8730 Padding Flaw

A10 Thunder ADC appliances running ACOS versions 2.7.2 P3 or earlier are susceptible to a TLS padding attack. The TLS padding flaw, identified as CVE-2014-8730, is a new variant of the POODLE vulnerability disclosed in October. The TLS padding flaw can be exploited remotely, allowing an attacker to decrypt sensitive data in the SSL connection. Vulnerability…

June 10, 2016

CVE-2016-0270 GCM nonce vulnerability

Back in February we were contacted by Hanno Böck who had discovered an issue with how certain devices generate the nonce for AES-GCM and subsequently published a paper on the topic and the bug was assigned CVE-2016-0270. Even though in our case the bug had low severity, we tracked down the source and corrected the…