ROBOT Website Exploit is Back, After 19 Years

     
3:28 pm on Dec 13, 2017 (gmt 0)

Administrator from GB 

WebmasterWorld Administrator engine

joined:May 9, 2000
posts:24931
votes: 644


Websites are vulnerable to a crypto exploit, called ROBOT, which was originally discovered way back in 1998. Tests proved even large sites were vulnerable, including Facebook.

According to researchers, the vulnerability allows "performing RSA decryption and signing operations with a private key of a TLS server."
Any hosts only supporting RSA encryption key exchanges are vulnerable, and a fix is available from a number of vendors. [robotattack.org...]
In 1998, Daniel Bleichenbacher discovered that the error messages given by SSL servers for errors in the PKCS #1 1.5 padding allowed an adaptive-chosen ciphertext attack; this attack fully breaks the confidentiality of TLS when used with RSA encryption.
ROBOT Exploit is Back, After 19 Years [robotattack.org]


There's a test to check your server vulnerability [robotattack.org...]
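
An added example, not part of the original post or of robotattack.org's test: a Python audit of a server cipher configuration for the RSA key exchange the post refers to. It reports whether RSA key transport is enabled, not whether the TLS stack actually leaks the padding error; the sample rows and the cipher string in the demo are constructed.

```python
import ssl

# Constructed sample rows in the shape ssl.SSLContext.get_ciphers() returns.
SAMPLE = [
    {"name": "AES128-SHA",
     "description": "AES128-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(128) Mac=SHA1"},
    {"name": "ECDHE-RSA-AES128-GCM-SHA256",
     "description": "ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH Au=RSA "
                    "Enc=AESGCM(128) Mac=AEAD"},
]

def expand(cipher_string):
    """Expand a server cipher string with the local OpenSSL build."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.set_ciphers(cipher_string)  # raises ssl.SSLError if no suite matches
    return ctx.get_ciphers()        # TLS 1.3 suites are always listed as well

def uses_rsa_key_transport(suite):
    """True when the client RSA-encrypts the premaster secret to the server.

    Only the Kx= field matters: Au=RSA (an RSA certificate used for
    signatures, as in ECDHE-RSA-*) is not the PKCS #1 v1.5 decryption path.
    """
    fields = suite["description"].split()
    return any(f in ("Kx=RSA", "Kx=RSAPSK") for f in fields)

def audit(suites):
    """Return (status, names of the suites that use RSA key transport)."""
    rsa = [s["name"] for s in suites if uses_rsa_key_transport(s)]
    if not rsa:
        return "no-rsa-kex", rsa
    if len(rsa) == len(suites):
        return "rsa-kex-only", rsa   # the "only supporting RSA" case
    return "rsa-kex-offered", rsa

if __name__ == "__main__":
    print(audit(SAMPLE))
    # Constructed cipher string; substitute the value from your own server config.
    print(audit(expand("ECDHE+AESGCM:AES128-SHA")))
```
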
6:14 pm on Dec 14, 2017 (gmt 0)

Moderator from US 

WebmasterWorld Administrator keyplyr

joined:Sept 26, 2001
posts:10388
votes: 597


My server is not vulnerable; however, I still allow RSA connections and limit behavior through several header security controls.
9:01 pm on Dec 14, 2017 (gmt 0)

Preferred Member

10+ Year Member

joined:Mar 10, 2004
posts: 439
votes: 39


My server and my clients' systems are good. :)
9:10 am on Dec 15, 2017 (gmt 0)

Administrator from GB 

WebmasterWorld Administrator engine

joined:May 9, 2000
posts:24931
votes: 644


There is a patch, so it's encouraging to hear your servers are up-to-date and patched.
11:39 am on Dec 15, 2017 (gmt 0)

New User from IN 

joined:Nov 16, 2017
posts:5
votes: 0


My servers are not up to date. Looks like I need to update my servers and make sure that it is secure RSA connections