ROBOT TLS Vulnerability

US-CERT and the CERT Coordination Center (CERT/CC) issued a security advisory on a Transport Layer Security (TLS) vulnerability dubbed “ROBOT“.

According to the advisory, the Return of Bleichenbacher’s Oracle Threat (ROBOT) could allow an attacker to obtain the RSA key necessary to decrypt TLS traffic under certain conditions.

CERT/CC further warned that “TLS implementations may disclose side channel information via discrepancies between valid and invalid PKCS#1 padding, and may therefore be vulnerable to Bleichenbacher-style attacks.”

Affected users and system administrators are encouraged to disable TLS RSA ciphers if possible as well as review and apply appropriate vendor updates if available.