A 19-year-old vulnerability has been rediscovered in the RSA implementations of at least eight different vendors, including F5, Citrix and Cisco, which can give remote attackers access to encrypted messages.
Dubbed ROBOT (Return of Bleichenbacher's Oracle Attack), the attack allows an attacker to perform RSA decryption and other cryptographic operations using the private key configured on the vulnerable TLS server.
The ROBOT attack is nothing but a couple of minor variations on the old Bleichenbacher attack on the RSA encryption protocol.
First discovered in 1998 and named after Swiss cryptographer Daniel Bleichenbacher, the Bleichenbacher attack is a padding oracle attack on the RSA-based PKCS#1 v1.5 encryption scheme used in SSLv2.
Leveraging an adaptive chosen-ciphertext attack that exploits the error messages SSL servers return for PKCS#1 v1.5 padding errors, the Bleichenbacher attack lets attackers determine whether a decrypted message is correctly padded.
This information eventually helps attackers decrypt RSA ciphertexts without recovering the server's private key, completely breaking the confidentiality of TLS when used with RSA encryption.
In 1998, Bleichenbacher proposed upgrading the encryption scheme, but instead, TLS designers kept the vulnerable encryption modes and added a series of complicated countermeasures to prevent the leakage of error details.
Now, a team of security researchers has discovered that these countermeasures were incomplete and that, with just some slight variations, this attack can still be used against many HTTPS hosts on today's Internet.
The newly found ROBOT attack is nothing but the rebirth of this old Bleichenbacher attack.
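As an added illustration (this is not code from the article or from the ROBOT researchers' tool), the following Python sketch shows the PKCS#1 v1.5 type-2 block layout, why a server that reports each padding failure differently acts as an oracle, and the uniform-handling countermeasure described in RFC 5246 section 7.4.7.1: a random premaster secret is drawn up front and silently substituted on any failure. The function names are my own, the sample block is constructed, and Python offers no true constant-time guarantee; the point demonstrated is that success and every failure path yield the same kind of response.

```python
import secrets

PREMASTER_LEN = 48  # TLS RSA premaster secret: 2 version bytes + 46 random bytes


def pkcs1_v15_pad(message: bytes, k: int) -> bytes:
    """Build a PKCS#1 v1.5 type-2 block: 00 02 <PS> 00 <message>, where PS is
    at least 8 non-zero random bytes and k is the RSA modulus size in bytes."""
    ps_len = k - 3 - len(message)
    if ps_len < 8:
        raise ValueError("message too long for this modulus")
    ps = bytes(secrets.choice(range(1, 256)) for _ in range(ps_len))
    return b"\x00\x02" + ps + b"\x00" + message


def unpad_leaky(block: bytes) -> bytes:
    """Textbook unpadding that reports each kind of failure differently.
    Every distinct outcome is a signal an observer can tell apart, which is
    exactly the padding oracle Bleichenbacher's attack needs."""
    if len(block) < 11 or block[0] != 0x00:
        raise ValueError("bad leading byte")
    if block[1] != 0x02:
        raise ValueError("bad block type")
    sep = block.find(b"\x00", 2)
    if sep < 0:
        raise ValueError("no separator")
    if sep < 10:
        raise ValueError("padding string too short")
    return block[sep + 1:]


def leaky_oracle_signal(block: bytes) -> str:
    """What a client observes from the leaky server: 'ok' or a specific error."""
    try:
        unpad_leaky(block)
        return "ok"
    except ValueError as err:
        return str(err)


def _is_zero(b: int) -> int:
    """1 if the byte is 0x00, else 0, computed without a data-dependent branch."""
    return ((b - 1) >> 8) & 1


def unpad_hardened(block: bytes, client_version: bytes) -> bytes:
    """Uniform handling modelled on the RFC 5246 section 7.4.7.1 countermeasure:
    draw a random premaster secret first, validate every byte with the same
    control flow, and on any failure return the random value instead of an
    error. (Python gives no real constant-time guarantee; what is shown is that
    success and every failure produce the same kind of result.)"""
    k = len(block)
    fallback = secrets.token_bytes(PREMASTER_LEN)
    if k < 11 + PREMASTER_LEN:        # modulus size is public, so this is not a leak
        return fallback
    sep = k - PREMASTER_LEN - 1       # the 00 separator must sit exactly here
    bad = block[0] | (block[1] ^ 0x02) | (1 - _is_zero(block[sep]))
    for i in range(2, sep):           # padding string must contain no zero byte
        bad |= _is_zero(block[i])
    # premaster secret must start with the version the client offered
    bad |= block[sep + 1] ^ client_version[0]
    bad |= block[sep + 2] ^ client_version[1]
    mask = ((bad | -bad) >> 63) & 0xFF   # 0xFF if anything was wrong, else 0x00
    return bytes((f & mask) | (m & (mask ^ 0xFF))
                 for f, m in zip(fallback, block[sep + 1:]))


if __name__ == "__main__":
    # Constructed sample: a 1024-bit modulus (k = 128) and a TLS 1.2 premaster secret
    pms = b"\x03\x03" + secrets.token_bytes(46)
    good = pkcs1_v15_pad(pms, 128)
    tampered = bytearray(good)
    tampered[1] = 0x01                 # corrupt the block type byte
    print("leaky:", leaky_oracle_signal(good), "/", leaky_oracle_signal(bytes(tampered)))
    print("hardened recovers pms:", unpad_hardened(good, b"\x03\x03") == pms)
    print("hardened on tampered block leaks nothing:",
          unpad_hardened(bytes(tampered), b"\x03\x03") != pms)
```

The leaky variant answers "bad block type", "no separator" and so on, each a different observable; the hardened variant returns 48 bytes in every case, and the handshake then fails later at the Finished check, which looks identical whether the padding was right or wrong. The researchers' finding is that many real implementations still let other side channels (alerts, resets, timeouts) distinguish these paths.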
“We changed it to allow various different signals to distinguish between error types like timeouts, connection resets, duplicate TLS alerts,” the researchers said.
“We also discovered that by using a shortened message flow where we send the ClientKeyExchange message without a ChangeCipherSpec and Finished message allows us to find more vulnerable hosts.”
According to the researchers, some of the most popular websites on the Internet, including Facebook and PayPal, are affected by the vulnerability. The researchers found “vulnerable subdomains on 27 of the top 100 domains as ranked by Alexa.”
The ROBOT attack stems from the above-mentioned implementation flaw, which only affects TLS cipher modes using RSA encryption, allowing an attacker to passively record traffic and later decrypt it.
“For hosts that usually use forward secrecy, but still support a vulnerable RSA encryption key exchange the risk depends on how fast an attacker is able to perform the attack,” the researchers said.
“We believe that a server impersonation or man in the middle attack is possible, but it is more challenging.”
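The distinction the researchers draw (static RSA key exchange is the only affected mode; servers that prefer forward secrecy but still offer RSA key exchange face a harder, active attack) can be turned into a configuration triage. The following is an added example, not from the article or the ROBOT project, that classifies IANA cipher suite names by their key-exchange part and summarises exposure for a constructed server cipher list; it reads the first suite as the one a normal client would negotiate (an assumption) and checks configuration only, not whether the implementation actually leaks an oracle, which is what the researchers' scanner tests.

```python
# Constructed sample cipher list, in server preference order (assumption:
# the first suite is what a normal client ends up negotiating).
SAMPLE_SERVER_SUITES = [
    "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
    "TLS_RSA_WITH_AES_128_GCM_SHA256",
    "TLS_RSA_WITH_AES_256_CBC_SHA",
    "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
]


def key_exchange(suite: str) -> str:
    """Key-exchange part of an IANA cipher suite name, e.g. 'ECDHE_RSA' for
    TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256. TLS 1.3 suites (TLS_AES_...) have
    no _WITH_ and no RSA key exchange at all, so they return ''."""
    name = suite.upper()
    if not name.startswith("TLS_") or "_WITH_" not in name:
        return ""
    return name[len("TLS_"):name.index("_WITH_")]


def uses_rsa_key_exchange(suite: str) -> bool:
    """True only for static RSA key exchange (RSA, RSA_EXPORT, RSA_PSK), where
    the client encrypts the premaster secret to the server's RSA key.
    ECDHE_RSA / DHE_RSA use RSA only for the signature and keep forward
    secrecy, so they are not reachable by a Bleichenbacher-style oracle."""
    return key_exchange(suite).startswith("RSA")


def robot_exposure(suites: list[str]) -> dict:
    """Summarise exposure along the lines the researchers describe:
    'passive'     - the server negotiates static RSA, so recorded traffic can
                    be decrypted later;
    'active-only' - forward secrecy is preferred but RSA key exchange is still
                    offered, so impersonation/MitM depends on attack speed;
    'none'        - no RSA key exchange suite is offered at all."""
    static_rsa = [s for s in suites if uses_rsa_key_exchange(s)]
    if not static_rsa:
        level = "none"
    elif uses_rsa_key_exchange(suites[0]):
        level = "passive"
    else:
        level = "active-only"
    return {
        "level": level,
        "static_rsa_suites": static_rsa,
        "forward_secret_suites": [s for s in suites if s not in static_rsa],
    }


if __name__ == "__main__":
    report = robot_exposure(SAMPLE_SERVER_SUITES)
    print("exposure:", report["level"])
    for s in report["static_rsa_suites"]:
        print("  static RSA key exchange offered:", s)
```

For the constructed list the result is "active-only": the server prefers ECDHE but still advertises three TLS_RSA_ suites. Removing every suite whose key exchange is RSA (and applying the vendor patch for the implementation itself) closes the passive-decryption path regardless of whether the oracle is present.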
The ROBOT attack was discovered by Hanno Böck, Juraj Somorovsky of Ruhr-Universität Bochum/Hackmanit GmbH, and Craig Young of Tripwire VERT, who also created a dedicated website explaining the whole attack, its implications, mitigations and more.
The attack affects implementations from several different vendors, some of which have already released patches, and most have published support notes acknowledging the issue.
You will find the list of affected vendors on the ROBOT website.
The researchers have also released a Python tool to scan for vulnerable hosts. You can also check your HTTPS server against the ROBOT attack on their website.