Return Of Bleichenbacher's Oracle Threat (ROBOT) Information Disclosure

high Nessus Plugin ID 105415


The server leaks whether or not an RSA-encrypted ciphertext is formatted correctly.


The remote host is affected by an information disclosure vulnerability. The SSL/TLS service supports RSA key exchanges, and incorrectly leaks whether or not the RSA key exchange sent by a client was correctly formatted. This information can allow an attacker to decrypt previous SSL/TLS sessions or impersonate the server.

Note that this plugin does not attempt to recover an RSA ciphertext, however it sends a number of correct and malformed RSA ciphertexts as part of an SSL handshake and observes how the server responds.

This plugin attempts to discover the vulnerability in multiple ways, by not completing the handshake and by completing it incorrectly, as well as using a variety of cipher suites. Only the first method that finds the service to be vulnerable is reported.

This plugin requires report paranoia as some services will report as affected even though the issue is not exploitable.


Upgrade to a patched version of the software. Alternatively, disable RSA key exchanges.

See Also

Plugin Details

Severity: High

ID: 105415

File Name: ssl_robot_bleichenbacher.nasl

Version: 1.18

Type: remote

Family: General

Published: 11/8/2019

Updated: 5/18/2022

Configuration: Enable paranoid mode

Supported Sensors: Nessus

Risk Information


Risk Factor: Medium

Score: 5.2


Risk Factor: High

Base Score: 7.1

Temporal Score: 5.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:N/A:N

CVSS Score Source: CVE-2017-17428


Risk Factor: High

Base Score: 7.4

Temporal Score: 6.4

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

CVSS Score Source: CVE-2017-6168

Vulnerability Information

Required KB Items: Settings/ParanoidReport

Exploit Ease: No known exploits are available

Vulnerability Publication Date: 12/12/2017

Reference Information

CVE: CVE-2012-5081, CVE-2016-6883, CVE-2017-1000385, CVE-2017-12373, CVE-2017-13098, CVE-2017-13099, CVE-2017-17382, CVE-2017-17427, CVE-2017-17428, CVE-2017-6168