Transport Layer Security (TLS) Vulnerability: US-CERT

Topic

New Reply

Transport Layer Security (TLS) Vulnerability
https://www.us-cert.gov/ncas/current-activity/2017/12/13/Transport-Layer-Security-TLS-Vulnerability

Original release date: December 13, 2017

 
CERT Coordination Center (CERT/CC) has released information on a Transport Layer Security (TLS) vulnerability. Exploitation of this vulnerability could allow an attacker to access sensitive information.

The TLS vulnerability is also known as Return of Bleichenbacher’s Oracle Threat (ROBOT). ROBOT allows an attacker to obtain the RSA key necessary to decrypt TLS traffic under certain conditions. Mitigations include installing updates to affected products as they become available. US-CERT encourages users and administrators to review CERT/CC Vulnerability Note VU #144389.

5 users thanked author for this post.

Elly, HiFlyer, DrBonzo, woody, satrow

Reply | Quote

Replies

Variation of 19-Year-Old Cryptographic Attack Affects Facebook, PayPal, Others
By Catalin Cimpanu | December 12, 2017

 
27 out of Top 100 sites vulnerable to ROBOT attacks
The ROBOT research team say that despite this being a variation for a 19-year-old attack, 27 of the Alexa Top 100 websites are vulnerable to the ROBOT attack. Vulnerable sites include Facebook and PayPal. The ROBOT attack scientific paper includes a case study how the research team decrypted Facebook traffic.

Other sites outside of the Alexa Top 100 may be vulnerable. Researchers have released a Python script that can help server admins scan for vulnerable hosts, and have also added a ROBOT vulnerability checker on the ROBOT attack homepage.

Just like it was the case with the DROWN flaw, this issue has huge repercussions, as an attacker could log HTTPS traffic and decrypt it at a later date.

 
Read the full article here

1 user thanked author for this post.

Elly

Reply | Quote

Old Crypto Vulnerability Hits Major Tech Firms
By Eduard Kovacs | December 13, 2017

 
A team of researchers has revived an old crypto vulnerability and determined that it affects the products of several major vendors and a significant number of the world’s top websites.

Last month, F5 Networks informed customers that some of its BIG-IP products include a vulnerability that can be exploited by a remote attacker for recovering encrypted data and launching man-in-the-middle (MitM) attacks.

 
Read the full article here

1 user thanked author for this post.

Elly

Reply | Quote

Thanks for the heads up on this Kirsty.

Last night I was in the middle of logging in to a website when I got a screen that looked legitimate saying “Cannot Display this Page” or something similar. It went on to say something about the site needing TLS 1.0, 1.1, or 1.2, and that by clicking the ‘Advanced settings’ button below I could configure my computer for TLS. I wish I could remember in more detail what the screen said, but that was the general idea. I had heard of TLS but didn’t know much if anything about it, so I immediately shut down my browser.

I had successfully logged in to the same site a few hours before and also a few hours later with no issues, and no attempt on my part to configure TLS settings.

Anyway, I’m not sure what to make of this or whether I was vulnerable or under attack. I did note from one of the links above that Microsoft products are not affected (I was using IE 11 which is updated through November patches)

If you have a spare moment, I’d be interested in any comments you might have either about my experience or the vulnerability in general. For a non-techie like me I find the CERT notifications kind of obtuse.

Thanks.

Reply | Quote

I read a couple of articles in Computerworld by Michael Horowitz on TLS in the middle of the year; until then, I blissfully unaware of certain issues about the older versions. You can find them here and here.

I recommend checking out Michael’s own blog site, now that he is no longer writing for Computerworld too, as well as his dedicated Router Security site.

2 users thanked author for this post.

satrow, DrBonzo

Reply | Quote