A team of security researchers has rediscovered an old flaw in the RSA implementations of at least eight different vendors, including F5, Citrix, and Cisco, that a remote attacker can exploit to retrieve encrypted data and launch man-in-the-middle (MitM) attacks.
The attack has been named ROBOT (Return of Bleichenbacher's Oracle Attack). The vulnerability affects TLS connections that use RSA encryption, and it lets an attacker access protected data by performing RSA decryption and other cryptographic operations with the private key configured on the vulnerable TLS server.
The ROBOT attack was discovered by Craig Young, Hanno Böck, and Juraj Somorovsky of Ruhr-Universität Bochum.
According to the researchers:
“For hosts that are vulnerable and only support RSA encryption key exchanges it’s pretty bad. It means an attacker can passively record traffic and later decrypt it,”
“For hosts that usually use forward secrecy, but still support a vulnerable RSA encryption key exchange the risk depends on how fast an attacker is able to perform the attack. We believe that a server impersonation or man in the middle attack is possible, but it is more challenging.”
This attack does not recover the server's private key; it only allows an attacker to decrypt ciphertexts or sign messages with that key. It exploits implementations from many vendors, some of which have already issued patches. A list of the affected vendors is available on the ROBOT website.
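The oracle behind ROBOT is a server that reacts differently depending on which PKCS#1 v1.5 padding check rejects a decrypted ClientKeyExchange. As an added illustration that is not part of the article or of any vendor's code, the block below contrasts that leaky shape with the countermeasure TLS 1.2 (RFC 5246 section 7.4.7.1) prescribes: always continue with a 48-byte premaster secret, substituting random bytes on any failure so no error path is distinguishable. The function names (`encode_em`, `unpad_leaky`, `unpad_hardened`) and the test inputs are constructed for this example.

```python
import os

PREMASTER_LEN = 48  # the TLS RSA premaster secret is always 48 bytes


class PaddingError(Exception):
    """Raised by the leaky variant; its distinct messages are the oracle."""


def encode_em(premaster: bytes, k: int) -> bytes:
    """Build a PKCS#1 v1.5 block (constructed test input): 00 02 PS 00 M."""
    ps = bytes(1 + b % 255 for b in os.urandom(k - 3 - len(premaster)))
    return b"\x00\x02" + ps + b"\x00" + premaster


def unpad_leaky(em: bytes, client_version: bytes) -> bytes:
    """Vulnerable shape: every check fails differently and exits early, so
    the peer learns (via alerts or timing) which check rejected the input."""
    if em[:2] != b"\x00\x02":
        raise PaddingError("block type is not 02")
    sep = em.find(b"\x00", 2)
    if sep < 0 or sep - 2 < 8:
        raise PaddingError("padding string too short or unterminated")
    pms = em[sep + 1:]
    if len(pms) != PREMASTER_LEN:
        raise PaddingError("premaster secret has wrong length")
    if pms[:2] != client_version:
        raise PaddingError("client version mismatch")
    return pms


def unpad_hardened(em: bytes, client_version: bytes) -> bytes:
    """RFC 5246 7.4.7.1 shape: every input yields a 48-byte premaster. On any
    failure random bytes are substituted, so the handshake proceeds the same
    way and only fails later at Finished. Python cannot promise constant
    time; what matters here is that no error path is distinguishable."""
    fallback = os.urandom(PREMASTER_LEN)
    ok = int(em[:2] == b"\x00\x02")
    sep = -1  # first zero byte after the block type, found without early exit
    for i in range(2, len(em)):
        if em[i] == 0 and sep == -1:
            sep = i
    ok &= int(sep >= 10)  # at least eight non-zero padding bytes
    ok &= int(sep == len(em) - PREMASTER_LEN - 1)  # exactly 48 bytes follow
    candidate = em[-PREMASTER_LEN:].rjust(PREMASTER_LEN, b"\x00")
    ok &= int(candidate[:2] == client_version)
    mask = (-ok) & 0xFF  # 0xFF selects candidate, 0x00 selects fallback
    return bytes((c & mask) | (f & (mask ^ 0xFF))
                 for c, f in zip(candidate, fallback))
```

A server written in the hardened shape still fails the handshake on bad padding, but the failure surfaces as the same Finished-message alert whether the padding, the length or the version was wrong, which is exactly the signal the Bleichenbacher oracle needs and no longer gets.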