Return of Bleichenbacher’s Oracle Threat (ROBOT) is a padding oracle vulnerability that allows a threat actor to illegitimately perform RSA decryption and signing operations with the private key of a TLS server. The attack would allow an attacker to intercept communications and later decrypt them.
For devices that are affected by this vulnerability, vendors have released patches to address the issue. However, the authors of this attack recommend more generally that RSA encryption is disabled in favour of Elliptic curve cryptography.
It is recommended that:
- RSA encryption is disabled
References
Previous
Browser Reconnaissance & Exfiltration via Adaptive Compression of Hypertext (BREACH)
Browser Reconnaissance & Exfiltration via Adaptive Compression of Hypertext (BREACH) is a vulnerability similar in nature to CRIME, but where CRIME affected TLS/SPDY compression, BREACH affects HTTP compression. Where an application supports HTTP compression, reflects user-input within response bodies, and includes confidential information in that body – such as a [...]| Play | Cover | Release Label |
Track Title Track Authors |
|---|