ROBOT Attack

ROBOT Attack
15 December, 2017 Gonçalo Alberto

On 12 December 2017, a research paper entitled “Return of Bleichenbacher’s Oracle Threat” (ROBOT) was made publicly available. ROBOT is the return of a 19-year-old vulnerability which, under some circumstances, may allow for traffic decryption and server identity theft (websites).

Affected systems:
To date, vulnerable implementations from Cisco, Citrix, F5, Oracle, Radware and open-source projects, such as Bouncy Castle, Erlang and WolfSSL, have already been identified.

Researchers have also examined Alexa’s top 100 domains and concluded that 27 of those subdomains host vulnerable websites, including popular websites, such as Facebook and Paypal.

To check whether your system has been affected, take this simple test: https://robotattack.org/#check

 

Recommendation:

  • Carry out a vulnerability analysis;
  • Disable TLS RSA cyphers;
  • Apply safety patches and other specific recommendations from manufacturers.

 

Links that provide relevant information in relation to the recent occurrence:

https://robotattack.org/

https://robotattack.org/#patches

https://robotattack.org/#check

http://www.kb.cert.org/vuls/id/144389

 

Vulnerability management within organisations is a complex task. Warpcom’s portfolio offers solutions that help organisations with their vulnerability management. In this context, we highlight our partnership with Tenable and its Tenable.io solutions, as well as the Tenable Security Center.

Paulo Rosa
Security & Public Safety
Business Unit Manager