Beware of the ROBOT vulnerability

The Vulnerability

ROBOT is the return of a 19-year-old vulnerability that allows performing RSA decryption and signing operations with the private key of a TLS server.

In 1998, Daniel Bleichenbacher discovered that the error messages given by SSL servers for errors in the PKCS #1 v1.5 padding allowed an adaptive chosen-ciphertext attack; this attack fully breaks the confidentiality of TLS when used with RSA encryption.

We discovered that by using some slight variations this vulnerability can still be used against many HTTPS hosts in today’s Internet.
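
The behaviour described above, as an added example that is not part of the original page: a padding check that reports each PKCS #1 v1.5 failure differently, beside handling in the style of RFC 5246 section 7.4.7.1 that reports none. All function names are hypothetical, the sample blocks are constructed, and the code works on an already-decrypted block, so no RSA operation is involved.

```python
import hmac
import os

PMS_LEN = 48  # TLS premaster secret: 2-byte client version + 46 random bytes

def unpad_leaky(em: bytes) -> bytes:
    """Naive unpadding of a decrypted block 00 02 <nonzero PS, >= 8 bytes> 00 <data>.
    Each failure raises a different message: the distinguishable behaviour
    that Bleichenbacher's attack depends on."""
    if em[:2] != b"\x00\x02":
        raise ValueError("bad block type")
    sep = em.find(b"\x00", 2)
    if sep < 0:
        raise ValueError("no separator")
    if sep < 10:
        raise ValueError("padding too short")
    return em[sep + 1:]

def leaky_outcome(em: bytes) -> str:
    """What a peer could observe from a server built on unpad_leaky()."""
    try:
        pms = unpad_leaky(em)
    except ValueError as exc:
        return str(exc)
    return "ok" if len(pms) == PMS_LEN else "bad length"

def premaster_hardened(em: bytes, client_version: bytes) -> bytes:
    """RFC 5246 section 7.4.7.1 approach: no padding error is ever reported.
    A malformed block yields a random premaster secret, so the handshake
    fails later at Finished in the same way for every kind of malformation.
    Python gives no constant-time guarantee; this shows the logic only."""
    fallback = client_version + os.urandom(PMS_LEN - 2)  # made before any check
    k = len(em)                    # block length equals modulus size (public)
    if k < PMS_LEN + 11:
        return fallback
    sep = k - PMS_LEN - 1          # only position where the 00 separator may sit
    bad = em[0] | (em[1] ^ 0x02) | em[sep]
    for b in em[2:sep]:            # every padding byte must be nonzero
        bad |= (b == 0)
    pms = em[sep + 1:]
    bad |= not hmac.compare_digest(pms[:2], client_version)
    return fallback if bad else pms

def make_block(k: int, payload: bytes, head: bytes = b"\x00\x02") -> bytes:
    """Constructed sample input: a k-byte 'decrypted' block (no RSA involved)."""
    return head + b"\xff" * (k - 3 - len(payload)) + b"\x00" + payload
```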

For more information please visit – https://robotattack.org/

Please call us if you require any advice about ROBOT – 0345 094 3070.