
ROBOT Website Exploit is Back, After 19 Years


engine

3:28 pm on Dec 13, 2017 (gmt 0)

WebmasterWorld Administrator 10+ Year Member Top Contributors Of The Month



Websites are vulnerable to a crypto exploit, called ROBOT, which was originally discovered way back in 1998. Tests proved even large sites were vulnerable, including Facebook.

According to researchers, the vulnerability allows "performing RSA decryption and signing operations with a private key of a TLS server."
Any hosts only supporting RSA encryption key exchanges are vulnerable, and a fix is available from a number of vendors. [robotattack.org...]

"In 1998, Daniel Bleichenbacher discovered that the error messages given by SSL servers for errors in the PKCS #1 1.5 padding allowed an adaptive-chosen ciphertext attack; this attack fully breaks the confidentiality of TLS when used with RSA encryption."
ROBOT Exploit is Back, After 19 Years [robotattack.org]


There's a test to check your server vulnerability [robotattack.org...]
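Since the post pins the exposure on servers that offer RSA key exchange (the suites where the client encrypts the premaster secret under the server's RSA key), the practical defender's check is to find those suites in a cipher configuration. The script below is an added example, not code from the thread or from robotattack.org. It parses the "Kx=" field of OpenSSL cipher descriptions (the format `openssl ciphers -v` prints and Python's `ssl` module exposes through `SSLContext.get_ciphers()`), so it distinguishes static RSA key exchange (Kx=RSA) from ECDHE/DHE suites that merely authenticate with an RSA certificate (Au=RSA). The sample descriptions are constructed; the cipher-string names `kRSA` and `ECDHE+AESGCM` are standard OpenSSL syntax.

```python
"""Flag TLS cipher suites that use static RSA key exchange, the suites a
Bleichenbacher-style padding oracle (ROBOT) targets.  Added example, not the
forum's or robotattack.org's code.  Runs offline: it only inspects the local
OpenSSL cipher list and a few constructed sample descriptions."""
import re
import ssl

# Matches the "Kx=RSA" token in an OpenSSL cipher description such as
# "AES128-GCM-SHA256 TLSv1.2 Kx=RSA Au=RSA Enc=AESGCM(128) Mac=AEAD".
_KX_RE = re.compile(r"\bKx=(\S+)")


def key_exchange(description: str) -> str:
    """Return the key-exchange algorithm named in an OpenSSL cipher description."""
    m = _KX_RE.search(description)
    return m.group(1) if m else "unknown"


def uses_rsa_key_exchange(description: str) -> bool:
    """True when the suite encrypts the premaster secret under the server's RSA
    key (Kx=RSA).  ECDHE/DHE suites authenticate with RSA (Au=RSA) but carry no
    RSA-encrypted premaster secret, so they are not flagged."""
    return key_exchange(description).upper() == "RSA"


def rsa_kex_suites(cipher_string: str) -> list:
    """Names of the suites an OpenSSL cipher string enables that use RSA key
    exchange.  Raises ssl.SSLError if the string matches no suite at all."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.set_ciphers(cipher_string)
    return sorted(c["name"] for c in ctx.get_ciphers()
                  if uses_rsa_key_exchange(c["description"]))


# Constructed sample descriptions in the `openssl ciphers -v` format:
# one static-RSA suite, one ECDHE suite with RSA authentication, one TLS 1.3 suite.
SAMPLE_DESCRIPTIONS = [
    "AES128-GCM-SHA256 TLSv1.2 Kx=RSA Au=RSA Enc=AESGCM(128) Mac=AEAD",
    "ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(128) Mac=AEAD",
    "TLS_AES_256_GCM_SHA384 TLSv1.3 Kx=any Au=any Enc=AESGCM(256) Mac=AEAD",
]


def audit(descriptions) -> dict:
    """Map each suite name (first token of its description) to whether it
    uses RSA key exchange."""
    return {d.split()[0]: uses_rsa_key_exchange(d) for d in descriptions}


if __name__ == "__main__":
    for name, flagged in audit(SAMPLE_DESCRIPTIONS).items():
        print(f"{'RSA-KEX' if flagged else 'ok     '} {name}")
    # What the local OpenSSL build would still offer under a "kRSA" policy,
    # i.e. the suites a server configured that way could negotiate.
    try:
        print("Local kRSA suites:", rsa_kex_suites("kRSA"))
    except ssl.SSLError:
        print("Local OpenSSL build offers no RSA key-exchange suites")
```

A server whose `ssl_ciphers` (nginx) or `SSLCipherSuite` (Apache) string yields an empty list from `rsa_kex_suites()` cannot negotiate the suites this attack needs; the same check from the outside is an `openssl s_client -cipher kRSA` handshake that is expected to fail against a correctly configured host. Note that TLS 1.3 suites report `Kx=any` because that protocol version dropped RSA key exchange entirely.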

keyplyr

6:14 pm on Dec 14, 2017 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



My server is not vulnerable, however I still allow RSA connections and limit behavior through several header security controls.

motorhaven

9:01 pm on Dec 14, 2017 (gmt 0)

10+ Year Member Top Contributors Of The Month



My server and my clients' systems are good. :)

engine

9:10 am on Dec 15, 2017 (gmt 0)

WebmasterWorld Administrator 10+ Year Member Top Contributors Of The Month



There is a patch, so it's encouraging to hear your servers are up-to-date and patched.

zotek

11:39 am on Dec 15, 2017 (gmt 0)

5+ Year Member



My servers are not up to date. Looks like I need to update my servers and make sure that they use secure RSA connections.