Return Of Bleichenbacher’s Oracle Threat (ROBOT)


What is ROBOT?

In 1998, Daniel Bleichenbacher identified a vulnerability that allows an attacker to perform RSA decryption using the private key of a TLS server. The vulnerability can cause serious security breaches on servers that accept traffic encrypted with RSA ciphers.

In December 2017, Hanno Böck, Juraj Somorovsky, and Craig Young wrote a research paper titled “Return of Bleichenbacher’s Oracle Threat (ROBOT)” showing that HTTPS hosts can still be vulnerable to this RSA decryption weakness in TLS.

Is WebMux vulnerable to a ROBOT attack?

WebMux has been tested and found not to be vulnerable to the ROBOT attack. However, as an extra precaution, you can completely disable RSA encryption by unchecking the RSA box on the WebMux SSL/TLS Management screen. By default, in version 13.1.x, RSA is disabled for the WebMux SSL/TLS termination feature.
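One way to confirm the setting from a client, as an added example (not WebMux or vendor code): the Python script below offers only RSA key-exchange cipher suites, capped at TLS 1.2, and reports whether the handshake completes. It assumes the RSA box controls the RSA key-exchange suites (OpenSSL's `kRSA` group); the function names are this example's own, and the host is whatever address you pass on the command line.

```python
import socket
import ssl
import sys


def rsa_kx_context():
    """Client context that offers only RSA key-exchange suites (OpenSSL 'kRSA')."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE  # certificate trust is not what is being checked
    ctx.maximum_version = ssl.TLSVersion.TLSv1_2  # TLS 1.3 has no RSA key exchange
    ctx.set_ciphers("kRSA")
    return ctx


def offered_rsa_suites(ctx):
    """Names of the RSA key-exchange suites the context puts in its ClientHello."""
    return [c["name"] for c in ctx.get_ciphers() if c.get("kea") == "kx-rsa"]


def negotiated_rsa_suite(host, port=443, timeout=5.0):
    """Return the suite the server picked, or None if it refused RSA key exchange.

    Connection failures and timeouts propagate so they are not read as a refusal.
    """
    ctx = rsa_kx_context()
    with socket.create_connection((host, port), timeout=timeout) as raw:
        try:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                return tls.cipher()[0]
        except (ssl.SSLError, ConnectionResetError):
            return None


if __name__ == "__main__":
    # Usage: python check_rsa_kx.py <host> [port]
    host = sys.argv[1]
    port = int(sys.argv[2]) if len(sys.argv) > 2 else 443
    suite = negotiated_rsa_suite(host, port)
    if suite:
        print(f"{host}:{port} still accepts RSA key exchange ({suite})")
        sys.exit(1)
    print(f"{host}:{port} refused every RSA key-exchange suite")
```

A non-zero exit status means the server completed a handshake with an RSA key-exchange suite, so the RSA option is still enabled on that listener.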

 
