robot-detect: Detection script for the ROBOT vulnerability

by do son · December 15, 2017

robot-detect

Tool to detect the ROBOT attack (Return of Bleichenbacher’s Oracle Threat).

ROBOT is the return of a 19-year-old vulnerability that allows performing RSA decryption and signing operations with the private key of a TLS server.

In 1998, Daniel Bleichenbacher discovered that the error messages given by SSL servers for errors in the PKCS #1 1.5 padding allowed an adaptive-chosen ciphertext attack; this attack fully breaks the confidentiality of TLS when used with RSA encryption.

We discovered that by using some slight variations this vulnerability can still be used against many HTTPS hosts in today’s Internet.

How bad is it?

For hosts that are vulnerable and only support RSA encryption key exchanges it’s pretty bad. It means an attacker can passively record traffic and later decrypt it.

For hosts that usually use forward secrecy, but still support a vulnerable RSA encryption key exchange the risk depends on how fast an attacker is able to perform the attack. We believe that a server impersonation or man in the middle attack is possible, but it is more challenging.

Who is affected?

We have identifed vulnerable implementations from at least seven vendors including F5, Citrix, and Cisco. (Current patch status is listed below.)

Some of the most popular webpages on the Internet were affected, including Facebook and Paypal. In total, we found vulnerable subdomains on 27 of the top 100 domains as ranked by Alexa.

You can use the test above to test public HTTPS servers. We also published a python tool to scan for vulnerable hosts.

Several vendors have fixes pending and will not be named at this time. The following table will be kept up to date as patches become available.

More info, please visit robotattack