Return of Bleichenbacher’s Oracle Threat (ROBOT)
Author: HollyGraceful Published: 21 October 2022 Last Updated: 05 July 2023
Return of Bleichenbacher’s Oracle Threat (ROBOT) is a padding oracle vulnerability that allows a threat actor to illegitimately perform RSA decryption and signing operations with the private key of a TLS server. The attack would allow an attacker to intercept communications and later decrypt them.
For devices that are affected by this vulnerability, vendors have released patches to address the issue. However, the authors of this attack recommend more generally that RSA encryption is disabled in favour of Elliptic curve cryptography.
It is recommended that:
- RSA encryption is disabled