[aklug] "new" RSA vulnerability in some TLS implementations - ROBOT attack

Royce Williams royce at tycho.org
Tue Dec 12 08:24:12 AKST 2017

Qualys says that testing for ROBOT is now in their dev instance of the
Server Test:


On Tue, Dec 12, 2017 at 7:13 AM, Royce Williams <royce at tycho.org> wrote:

> https://robotattack.org/
> From the page:
> The Vulnerability
> ROBOT is the return of a 19-year-old vulnerability that allows
> performing RSA decryption and signing operations with the private key
> of a TLS server.
> In 1998, Daniel Bleichenbacher discovered that the error messages
> given by SSL servers for errors in the PKCS #1 1.5 padding allowed an
> adaptive-chosen ciphertext attack; this attack fully breaks the
> confidentiality of TLS when used with RSA encryption.
> We discovered that by using some slight variations this vulnerability
> can still be used against many HTTPS hosts in today's Internet.
> How bad is it?
> For hosts that are vulnerable and only support RSA encryption key
> exchanges it's pretty bad. It means an attacker can passively record
> traffic and later decrypt it.
> For hosts that usually use forward secrecy, but still support a
> vulnerable RSA encryption key exchange the risk depends on how fast an
> attacker is able to perform the attack. We believe that a server
> impersonation or man in the middle attack is possible, but it is more
> challenging.
> Who is affected?
> We have identified vulnerable implementations from at least seven
> vendors including F5, Citrix, and Cisco. (Current patch status is
> listed below.)
> Some of the most popular webpages on the Internet were affected,
> including Facebook and Paypal. In total, we found vulnerable
> subdomains on 27 of the top 100 domains as ranked by Alexa.
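
The "How bad is it?" split quoted above depends on which key exchanges a server offers. As an added example (not part of the original post or of robotattack.org), this sorts a server's offered IANA cipher suite names into those cases and lists the RSA-encryption suites an admin would look at disabling. The host names and suite lists are constructed samples, and the result only says what the exposure would be if the TLS implementation is one of the vulnerable ones.

```python
import re

# For TLS 1.2 and earlier the key exchange is part of the IANA suite name.
# TLS_RSA_WITH_* (and the _EXPORT / _PSK variants): the client encrypts the
# premaster secret to the server's RSA key, the operation ROBOT targets.
RSA_ENCRYPTION = re.compile(r"^TLS_RSA(_EXPORT|_PSK)?_WITH_")
# Ephemeral (EC)DH key exchange gives forward secrecy.
FORWARD_SECRET = re.compile(r"^TLS_(ECDHE|DHE)_")
# TLS 1.3 suite names carry no key exchange; TLS 1.3 has no RSA encryption one.
TLS13 = re.compile(r"^TLS_(AES|CHACHA20)_")

RSA_ONLY = "RSA encryption key exchange only"
RSA_WITH_FS = "forward secrecy available, RSA encryption key exchange still offered"
NO_RSA = "no RSA encryption key exchange offered"


def key_exchange(suite):
    """Classify one IANA cipher suite name by its key exchange."""
    if RSA_ENCRYPTION.match(suite):
        return "rsa-encryption"
    if FORWARD_SECRET.match(suite) or TLS13.match(suite):
        return "forward-secret"
    return "other"  # static DH/ECDH, anonymous, plain PSK, ...


def exposure_if_vulnerable(offered):
    """Return (category, rsa_suites) for a list of offered suite names."""
    rsa = sorted(s for s in offered if key_exchange(s) == "rsa-encryption")
    has_fs = any(key_exchange(s) == "forward-secret" for s in offered)
    if not rsa:
        return NO_RSA, rsa
    return (RSA_WITH_FS if has_fs else RSA_ONLY), rsa


# Constructed sample data: placeholder hosts, real IANA suite names.
SAMPLE_HOSTS = {
    "legacy.example": ["TLS_RSA_WITH_AES_128_CBC_SHA",
                       "TLS_RSA_WITH_3DES_EDE_CBC_SHA"],
    "mixed.example": ["TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
                      "TLS_RSA_WITH_AES_256_GCM_SHA384"],
    "modern.example": ["TLS_AES_128_GCM_SHA256",
                       "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384"],
}

if __name__ == "__main__":
    for host, suites in SAMPLE_HOSTS.items():
        category, rsa = exposure_if_vulnerable(suites)
        print(f"{host}: {category}; RSA suites: {rsa or 'none'}")
```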