Loading…

Register   or Login

Description:

Perhaps you have already heard of the 1998 vulnerability in RSA originally discovered by Daniel Bleichenbacher. It has now resurfaced as Return of Bleichenbacher's Oracle Threat aka ROBOT attack. Long story short the vulnerability allows attackers to passively record traffic and decrypt data without having a private key.

 The most comprehensive guide on vulnerability, risk and impact is published by Hanno BöckJuraj Somorovsky (Hackmanit GmbH, Ruhr-Universität Bochum), Craig Young (Tripwire VERT) at  hXXps://robotattack[dot]org

Full paper published at the Cryptology ePrint Archive

 SSL Framework advanced is a turn-key SIEM content that uses Qualys SSLLabs, open-source scripts and QualysGuard Vulnerability Management data on SSL/TLS certificates to continuously track, provide a holistic view and automatic alerting on any vulnerabilities in TLS digital certificates and their proper implementation. The advanced version includes:

  • Python connector to SSLLabs API
  • ROBOT-attack detection script by https://github.com/robotattackorg/robot-detect/blob/master/robot-detect
  • hXXps://testssl.sh
  • HiTechBridge API connector is planned for Q1 2018

 SSL Framework automates the monitoring and alerting process on:

Self-signed, Revoked and Wildcard certificates;

Detection of common vulnerabilities that can lead to attacks from Heartbleed to DROWN and ROBOT attack.

All alerts and holistic certificate view is displayed in SIEM dashboard for ArcSight, QRadar or Splunk.

REMEDIATION & MITIGATION

The most complete remediation is to disable RSA encryption-based key exchange modes where possible. This guarantees protection against known and unknown vulnerabilities with a minimal impact on HTTPS client compatibility.

Software vendors have already released patches and configuration guides. A tracker is published at hXXps://robotattack[dot]org

Table with references as of Wednesday, December 13, 2017:

F5

BIG-IP SSL vulnerability

CVE-2017-6168

Citrix

TLS Padding Oracle Vulnerability in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway

CVE-2017-17382

Radware

Security Advisory: Adaptive chosen-ciphertext attack vulnerability

CVE-2017-17427

Cisco ACE

End-of-Sale and End-of-Life

CVE-2017-17428

Bouncy Castle

Fix in 1.59 beta 9Patch / Commit

CVE-2017-13098

Erlang

OTP 18.3.4.7OTP 19.3.6.4OTP 20.1.7

CVE-2017-1000385

WolfSSL

Github PR / patch

CVE-2017-13099

MatrixSSL

Changes in 3.8.3

CVE-2016-6883

Java / JSSE

Oracle Critical Patch Update Advisory – October 2012

CVE-2012-5081

Other integrations: