A vulnerability has been discovered in the RSA implementations of several vendors that allows Man-in-the-Middle attacks on encrypted messages.
Dubbed ROBOT (Return of Bleichenbacher’s Oracle Attack), it allows an attacker to perform RSA decryption and other cryptographic operations using the private key configured on a vulnerable TLS server.
The vulnerability lies in the Transport Layer Security (TLS) protocol used for web encryption.
When the attack was originally discovered, a fix was issued, but it did not replace the RSA algorithm; instead, the TLS standard was modified to make brute-force guessing harder.
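The countermeasure the TLS standard adopted is easier to see in code than in prose. The following is an added example, not code from the original article or from any of the vendors named below. It models only the step after RSA decryption of the ClientKeyExchange: `em` is the already-decrypted, k-byte PKCS#1 v1.5 encoded message, the modulus length of 256 bytes is an assumption, and `unpad_leaky` is a hypothetical illustration of the pattern that turns a server into a padding oracle. `tls12_premaster_hardened` follows the approach in RFC 5246 section 7.4.7.1: draw a random premaster secret first and silently substitute it on any defect, so every failure is indistinguishable to the client.

```python
"""Bleichenbacher-style padding oracle vs. the TLS 1.2 countermeasure (added example)."""
import hmac
import os

PREMASTER_LEN = 48   # a TLS premaster secret is always 48 bytes
MODULUS_LEN = 256    # k for a 2048-bit RSA modulus (assumed for this example)


def pkcs1_v15_pad(message: bytes, k: int = MODULUS_LEN, rng=os.urandom) -> bytes:
    """Build the encoded message a TLS client RSA-encrypts; used here to construct inputs.
    Format: 0x00 0x02 || PS (at least 8 non-zero bytes) || 0x00 || message."""
    ps_len = k - len(message) - 3
    if ps_len < 8:
        raise ValueError("message too long for modulus")
    ps = b""
    while len(ps) < ps_len:
        # PS must not contain 0x00, because 0x00 marks the end of the padding
        ps += bytes(b for b in rng(ps_len - len(ps)) if b != 0)
    return b"\x00\x02" + ps + b"\x00" + message


def unpad_leaky(em: bytes, k: int = MODULUS_LEN) -> bytes:
    """Vulnerable pattern (hypothetical): each defect is reported as a different, early error.
    A client that can tell these outcomes apart (distinct alerts, timing) has the
    oracle that ROBOT relies on."""
    if len(em) != k or em[:2] != b"\x00\x02":
        raise ValueError("bad header")
    sep = em.find(b"\x00", 2)
    if sep < 0:
        raise ValueError("no separator")
    if sep - 2 < 8:
        raise ValueError("padding string too short")
    return em[sep + 1:]


def tls12_premaster_hardened(em: bytes, client_version: bytes,
                             k: int = MODULUS_LEN, rng=os.urandom) -> bytes:
    """Countermeasure modelled on RFC 5246 section 7.4.7.1: always return a 48-byte
    premaster secret. R is drawn up front; bad padding, wrong length or a version
    mismatch all select R without raising, so the handshake fails later at the
    Finished message in exactly the same way for every defect. (CPython offers no
    constant-time guarantees; the uniform, alert-free behaviour is the point.)"""
    r = rng(PREMASTER_LEN)
    ok = len(em) == k and em[:2] == b"\x00\x02"
    sep = em.find(b"\x00", 2)
    ok = ok and sep >= 10                      # header (2) + at least 8 padding bytes
    payload = em[sep + 1:]
    ok = ok and len(payload) == PREMASTER_LEN
    ok = ok and hmac.compare_digest(payload[:2], client_version)
    return payload if ok else r


def compare_behaviour(client_version: bytes = b"\x03\x03", rng=os.urandom):
    """Feed one valid EM and four malformed variants (constructed here) to both handlers
    and return the sets of client-visible outcomes: (leaky_outcomes, hardened_outcomes)."""
    premaster = client_version + rng(PREMASTER_LEN - 2)
    good = pkcs1_v15_pad(premaster, rng=rng)
    inputs = [
        good,
        b"\x00\x01" + good[2:],                                   # wrong block type
        b"\x00\x02" + b"\x41" * (MODULUS_LEN - 2),                # no 0x00 separator
        b"\x00\x02" + b"\x41" * 7 + b"\x00" + b"\x42" * (MODULUS_LEN - 10),  # PS too short
        pkcs1_v15_pad(b"\x03\x01" + premaster[2:], rng=rng),      # wrong TLS version bytes
    ]
    leaky, hardened = set(), set()
    for em in inputs:
        try:
            unpad_leaky(em)
            leaky.add("continue")
        except ValueError as exc:              # each message is a distinguishable outcome
            leaky.add(str(exc))
        secret = tls12_premaster_hardened(em, client_version, rng=rng)
        hardened.add(f"continue({len(secret)} bytes)")  # never raises, always 48 bytes
    return leaky, hardened


if __name__ == "__main__":
    leaky, hardened = compare_behaviour()
    print("leaky handler, distinct outcomes:   ", sorted(leaky))
    print("hardened handler, distinct outcomes:", sorted(hardened))
```

Running the script shows the leaky handler producing four distinguishable outcomes for five inputs, while the hardened handler produces one; the wrong-version case is also absorbed into the random secret rather than signalled, which is what the standard requires.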
Affected Platforms – TLS cipher modes that use RSA encryption
- Cisco ACE
- Cisco ASA
- Bouncy Castle
- Java / JSSE