Return Of Bleichenbacher Oracle Threat [ROBOT]
ROBOT – Return Of Bleichenbacher Oracle Threat, is an attack model based on Daniel Bleichenbacher chosen-ciphertext attack. Bleichenbacher discovered an adaptive-chosen ciphertext attack against protocols using RSA, he demonstrated the ability to perform RSA private-key operations. Researchers have been able to exploit the same vulnerability with small variations to the Bleichenbacher attack.
PKCS #1 v1.5 padding mode used in SSL error messages is susceptible to adaptive-chosen ciphertext attack. It compromises the confidentiality of TLS when it is used with RSA. It allows attacker to decrypt ciphertexts or sign messages with the server’s private key, decrypt previously recorded sessions . ROBOT attack does not recover server’s private key.
Services that support TLS with RSA are vulnerable to offline attacks. Hosts supporting forward secrecy with RSA are vulnerable to man in the middle attack as the attacker is able to sign messages using private key, but this approach has limitations. The vulnerability is a result of an implementation bug in the server code. The researchers claim that many websites on the Alexa top 100 are vulnerable. They have identified many vendors like F5,Citrix,Cisco etc. to be affected by this vulnerability. Currently there is no PoC publicly available.
Please use Qualys SSL Labs tool to test for ROBOT attack. We request our clients to apply the latest patches as released by the respective vendors, if patching is not immediately possible please consider disabling RSA encryption-based key exchange modes where possible . Scan your network with the QID’s listed below to detect vulnerable targets. Qualys will continue to add more detection as vendors release there fixes to address ROBOT attack.
|370661||F5 BIG-IP ASM OpenSSL Man in the Middle Vulnerability (K21905460) (ROBOT Attack / Bleichenbacher Attack)|
|370683||Citrix NetScaler ADC and Gateway TLS Padding Oracle Vulnerability (CTX230238) (ROBOT Attack / Bleichenbacher Attack)|
Please continue to follow Qualys Threat Feed for information about this vulnerability.