A vulnerability has been discovered in the RSA implementation from different vendors which will allow Man-in-the-Middle attacks on encrypted messages.

Dubbed ROBOT (Return of Bleichenbacher’s Oracle Attack), the attack allows an attacker to perform RSA decryption and cryptographic operations using the private key configured on the vulnerable TLS servers.

The vulnerability is within the transport layer security protocol used for web encryption.

When originally discovered a patch was released, but it didn’t include replacing the RSA algorithm, the TLS standard was modified to make brute-force guessing harder.

Affected Platforms – TLS cipher modes that use RSA encryption

  • F5
  • Citrix
  • Radware
  • Cisco ACE
  • Cisco ASA
  • Bouncy Castle
  • Erlang
  • WolfSSL
  • MatrixSSL
  • Java / JSSE

Duncan Newell

Duncan is a technology professional with over 20 years experience of working in various IT roles. He has a interest in cyber security, and has a wide range of other skills in radio, electronics and telecommunications.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: