Return Of Bleichenbacher's Oracle Threat (ROBOT) Information Disclosure
Medium Nessus Plugin ID 105415
SynopsisThe server leaks whether or not an RSA-encrypted ciphertext is formatted correctly.
DescriptionThe remote host is affected by an information disclosure vulnerability. The SSL/TLS service supports RSA key exchanges, and incorrectly leaks whether or not the RSA key exchange sent by a client was correctly formatted. This information can allow an attacker to decrypt previous SSL/TLS sessions or impersonate the server.
Note that this plugin does not attempt to recover an RSA ciphertext, however it sends a number of correct and malformed RSA ciphertexts as part of an SSL handshake and observes how the server responds.
This plugin attempts to discover the vulnerability in multiple ways, by not completing the handshake and by completing it incorrectly, as well as using a variety of cipher suites. Only the first method that finds the service to be vulnerable is reported.
This plugin requires report paranoia as some services will report as affected even though the issue is not exploitable.
SolutionUpgrade to a patched version of the software. Alternatively, disable RSA key exchanges.