A team of researchers has revived an old crypto vulnerability and determined that it affects the products of several major vendors and a significant number of the world’s top websites.
Last month, F5 Networks informed customers that some of its BIG-IP products include a vulnerability that can be exploited by a remote attacker for recovering encrypted data and launching man-in-the-middle (MitM) attacks.
The security hole was reported to the vendor by Tripwire’s Craig Young, researcher and journalist Hanno Böck, and Juraj Somorovsky of Ruhr-Universität Bochum. The experts noted at the time that the issue affected products from other vendors as well and promised to release details at a later time.
While proof-of-concept (PoC) code will only be made available after affected organizations have had a chance to patch their systems, the researchers have published some additional details.
The attack method now has a name, a logo and a website. It has been dubbed ROBOT (Return Of Bleichenbacher’s Oracle Threat) and, as the name suggests, it’s related to an attack method discovered by Daniel Bleichenbacher back in 1998.
The vulnerability affects TLS connections that use RSA encryption and it can allow an attacker to access protected data. The weakness, however, cannot be exploited to obtain private keys.
“For hosts that are vulnerable and only support RSA encryption key exchanges it’s pretty bad. It means an attacker can passively record traffic and later decrypt it,” researchers explained. “For hosts that usually use forward secrecy, but still support a vulnerable RSA encryption key exchange the risk depends on how fast an attacker is able to perform the attack. We believe that a server impersonation or man in the middle attack is possible, but it is more challenging.”
In addition to F5, the vulnerability impacts products from Citrix (CVE-2017-17382), Radware (CVE-2017-17427), Cisco (CVE-2017-17428), Bouncy Castle (CVE-2017-13098), Erlang (CVE-2017-1000385) and WolfSSL (CVE-2017-13099). These organizations have released patches, except for Cisco, whose vulnerable ACE appliances have reached end-of-life. Several other vendors are also affected, but they will not be named until they release fixes.
Experts have determined that the best workaround is to disable RSA encryption, an action which they believe has relatively low costs.
Researchers have made available an online tool that can be used to test public HTTPS servers. An analysis showed that at least 27 of the top 100 Alexa websites, including Facebook and PayPal, were affected.
The vulnerability that allows ROBOT attacks has been known since 1998 and several variations have been found over the years. One recent version of the attack is known as DROWN, which Somorovsky and several others discovered last year.
Each new attack method resulted in a series of countermeasures being developed to protect systems against potential attacks. However, these measures have become increasingly complex, making them difficult for vendors to implement.
The experts who discovered ROBOT said the vulnerability had been hiding in plain sight and the attack involves only minor modifications to the original Bleichenbacher method.