Return Of Bleichenbacher's Oracle Threat (ROBOT) Information Disclosure

Medium Nessus Plugin ID 105415


The server leaks whether or not an RSA-encrypted ciphertext is formatted correctly.


The remote host is affected by an information disclosure vulnerability. The SSL/TLS service supports RSA key exchanges, and incorrectly leaks whether or not the RSA key exchange sent by a client was correctly formatted. This information can allow an attacker to decrypt previous SSL/TLS sessions or impersonate the server.

Note that this plugin does not attempt to recover an RSA ciphertext. Instead, it sends a number of correct and malformed RSA ciphertexts as part of an SSL handshake and observes how the server responds.

This plugin attempts to discover the vulnerability in multiple ways, by not completing the handshake and by completing it incorrectly, as well as using a variety of cipher suites. Only the first method that finds the service to be vulnerable is reported.

This plugin requires report paranoia, as some services will report as affected even though the issue is not exploitable.


Upgrade to a patched version of the software. Alternatively, disable RSA key exchanges.
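
To confirm that a planned cipher configuration really disables RSA key exchanges, the added example below (not part of the plugin or of any vendor fix) asks the local OpenSSL which suites a cipher string enables and lists those that still use RSA key exchange. It assumes Python's `ssl` module linked against OpenSSL 1.1.0 or later; the cipher strings are constructed samples.

```python
import ssl

def suites_by_key_exchange(cipher_string):
    """Group the suites an OpenSSL cipher string enables by key-exchange type."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    # set_ciphers() governs TLS 1.2 and below; TLS 1.3 suites stay enabled
    # and are reported with the key-exchange label "kx-any".
    ctx.set_ciphers(cipher_string)
    groups = {}
    for cipher in ctx.get_ciphers():
        if "kea" not in cipher:
            # Without this field the audit would silently report "clean".
            raise RuntimeError("TLS library does not report key exchange")
        groups.setdefault(cipher["kea"], []).append(cipher["name"])
    return groups

def rsa_kx_suites(cipher_string):
    """Return the enabled suites that still use RSA key exchange ("kx-rsa")."""
    return sorted(suites_by_key_exchange(cipher_string).get("kx-rsa", []))

if __name__ == "__main__":
    # Constructed sample cipher strings: a baseline and two hardened variants.
    for label, cipher_string in (
        ("baseline", "DEFAULT"),
        ("RSA key exchange removed", "DEFAULT:!kRSA"),
        ("ECDHE with AES-GCM only", "ECDHE+AESGCM"),
    ):
        remaining = rsa_kx_suites(cipher_string)
        status = "FAIL" if remaining else "ok"
        print(f"[{status}] {label} ({cipher_string}): "
              f"{len(remaining)} RSA key-exchange suites {remaining}")
```

The audit reflects the OpenSSL build on the machine where it runs, so run it on the host that will serve the configuration, and rescan the service afterwards to confirm what it actually negotiates.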

Plugin Details

Severity: Medium

ID: 105415

File Name: ssl_robot_bleichenbacher.nasl

Version: 1.9

Type: remote

Family: General

Published: 2017/12/26

Updated: 2019/03/06

Dependencies: 56984

Configuration: Enable paranoid mode

Risk Information

Risk Factor: Medium

CVSS Score Source: CVE-2017-6168

CVSS v2.0

Base Score: 4.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N

CVSS v3.0

Base Score: 7.4

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

Vulnerability Information

Required KB Items: Settings/ParanoidReport

Vulnerability Publication Date: 2017/12/12

Reference Information

CVE: CVE-2017-6168, CVE-2017-17382, CVE-2017-17427, CVE-2017-17428, CVE-2017-12373, CVE-2017-13098, CVE-2017-1000385, CVE-2017-13099, CVE-2016-6883, CVE-2012-5081