TLS Protocol Sensitive Information Disclosure Vulnerability (aka ROBOT)
Last Update Date: 14 Dec 2017 09:21
Release Date: 14 Dec 2017
RISK: Medium Risk
TYPE: Security software and application - Security Software & Appliance
A 19-year-old TLS protocol vulnerability was found in several software products mainly used in web and other servers.
- The vulnerability, given the name 'Return Of Bleichenbacher's Oracle Threat' (ROBOT), is caused by a problem with the implementation of RSA PKCS #1 v1.5.
- TLS hosts that only support RSA encryption key exchanges are vulnerable.
- The vulnerability enables an attacker to gain access to sensitive information, e.g. the private key, or even decrypt an encrypted message.
- For an actual attack, however, the attacker must first successfully launch a 'man in the middle' attack, e.g. by setting up a fake Wi-Fi access point that sits between the server and the user.
- Several vendors are currently issuing fixes. Please refer to the 'Solutions' section for this information and for the workaround.
Impact
- Information Disclosure
System / Technologies affected
- Please refer to the 'Solutions' section for affected products with patches.
- You may test whether your website is vulnerable by using the 'Test Server' function on robotattack.org.
- For affected products whose patches have not yet been released, the researcher claimed that the information will not be disclosed.
- Currently the vulnerability only affects the server side. There are no patches for browsers on the client side.
Solutions
Before installing the software, please visit the software manufacturer's website for more details.
- For affected products with patches, please refer to the following webpage:
  https://robotattack.org/#patches
- Workaround: ROBOT only affects TLS cipher modes that use RSA encryption. It is strongly recommended to disable RSA encryption, i.e. all ciphers that start with TLS_RSA.
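One way to apply the workaround to a configured cipher list, as an added example that is not part of the original advisory: it separates the suites whose names start with TLS_RSA (including the RSA_PSK and RSA_EXPORT variants that share the prefix) from suites that use RSA only for signing. The function names and the sample list are assumptions constructed for illustration.

```python
import re

# IANA names: TLS_<KEYEXCHANGE>_WITH_<CIPHER>_<MAC>. TLS 1.3 names such as
# TLS_AES_128_GCM_SHA256 have no "_WITH_" and never use RSA key transport.
_SUITE = re.compile(r"^TLS_(?P<kex>.+?)_WITH_.+$")

def key_exchange(suite):
    """Return the key-exchange field of an IANA suite name, or None (TLS 1.3)."""
    m = _SUITE.match(suite.strip().upper())
    return m.group("kex") if m else None

def uses_rsa_encryption(suite):
    """True if the premaster secret is sent RSA-encrypted (name starts TLS_RSA)."""
    kex = key_exchange(suite)
    # ECDHE_RSA and DHE_RSA only sign with RSA, so they are not matched here.
    return kex is not None and (kex == "RSA" or kex.startswith("RSA_"))

def audit(suites):
    """Split a configured suite list into suites to disable and suites to keep."""
    disable = [s for s in suites if uses_rsa_encryption(s)]
    keep = [s for s in suites if not uses_rsa_encryption(s)]
    # rsa_only: nothing would be left after the workaround, so other key
    # exchanges must be enabled before the TLS_RSA suites are removed.
    return {"disable": disable, "keep": keep, "rsa_only": bool(disable) and not keep}

# Constructed sample configuration (not taken from any real server).
SAMPLE_SUITES = [
    "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    "TLS_RSA_WITH_AES_128_GCM_SHA256",
    "TLS_DHE_RSA_WITH_AES_256_CBC_SHA",
    "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
    "TLS_RSA_PSK_WITH_AES_128_CBC_SHA",
    "TLS_AES_128_GCM_SHA256",
]

if __name__ == "__main__":
    report = audit(SAMPLE_SUITES)
    for name in report["disable"]:
        print("disable:", name)
    for name in report["keep"]:
        print("keep:   ", name)
    print("RSA-only host:", report["rsa_only"])
```
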
Vulnerability Identifier
- CVE-2017-6168
- CVE-2017-1000385
- CVE-2017-17427
- CVE-2017-13098
- CVE-2017-13099
- CVE-2017-17428
- CVE-2017-17382
- CVE-2012-5081
- CVE-2016-6883