Return Of Bleichenbacher's Oracle Threat (ROBOT) Information Disclosure

medium Nessus Plugin ID 105415
New! Plugin Severity Now Using CVSS v3

The calculated severity for Plugins has been updated to use CVSS v3 by default. Plugins that do not have a CVSS v3 score will fall back to CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.


The server leaks whether or not an RSA-encrypted ciphertext is formatted correctly.


The remote host is affected by an information disclosure vulnerability. The SSL/TLS service supports RSA key exchanges, and incorrectly leaks whether or not the RSA key exchange sent by a client was correctly formatted. This information can allow an attacker to decrypt previous SSL/TLS sessions or impersonate the server.

Note that this plugin does not attempt to recover an RSA ciphertext, however it sends a number of correct and malformed RSA ciphertexts as part of an SSL handshake and observes how the server responds.

This plugin attempts to discover the vulnerability in multiple ways, by not completing the handshake and by completing it incorrectly, as well as using a variety of cipher suites. Only the first method that finds the service to be vulnerable is reported.

This plugin requires report paranoia as some services will report as affected even though the issue is not exploitable.


Upgrade to a patched version of the software. Alternatively, disable RSA key exchanges.

See Also

Plugin Details

Severity: Medium

ID: 105415

File Name: ssl_robot_bleichenbacher.nasl

Version: 1.16

Type: remote

Family: General

Published: 11/8/2019

Updated: 6/12/2020

Dependencies: ssl_supported_versions.nasl

Configuration: Enable paranoid mode

Risk Information

CVSS Score Source: CVE-2017-17428


Risk Factor: Medium

Score: 5.2


Risk Factor: High

Base Score: 7.1

Temporal Score: 5.3

Vector: AV:N/AC:M/Au:N/C:C/I:N/A:N

Temporal Vector: E:U/RL:OF/RC:C


Risk Factor: Medium

Base Score: 5.9

Temporal Score: 5.2

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Temporal Vector: E:U/RL:O/RC:C

Vulnerability Information

Required KB Items: Settings/ParanoidReport

Exploit Ease: No known exploits are available

Vulnerability Publication Date: 12/12/2017

Reference Information

CVE: CVE-2012-5081, CVE-2016-6883, CVE-2017-6168, CVE-2017-12373, CVE-2017-13098, CVE-2017-13099, CVE-2017-17382, CVE-2017-17427, CVE-2017-17428, CVE-2017-1000385