Bleichenbacher Oracle Attack Variation Subjects TLS Encryption To Further Vulnerabilities

Encryption is one of the safest forms of securing data; yet academics recently found a vulnerability that allowed attackers to intercept encrypted Transport Layer Security (TLS) traffic.

Encryption uses ciphertext to code data sent or stored. The encryption then reverses when the recipient unlocks it with their key. By unlocking it, the recipient decrypts the message turning it back into plain text and enabling them to read the message. If intercepted during transmission, an intruder will receive the ciphertext as they do not have the key.

TLS is a cryptographic protocol providing end-to-end security over networks such as emails, instant messaging and web browsing applications. It uses Rivest, Shamir and Adelman (RSA) algorithms to de/encrypt messages. Although designed to secure the data sent or stored, attempts such as the Bleichenbacher oracle attack managed to authenticate and RSA decrypt with a private key of a TLS server. In 1998, Bleichenbacher exploited the error messages by SSL servers with the PKCS#1 v1.5 function, to carry out an adaptive-chosen ciphertext attack. The attack sent millions of ciphertexts to the decryption device.

In the past years, a slight variation to this attack has formed, with organizations witnessing attacks such as DROWN and ROBOT. Each time, attackers added stronger countermeasures when attempting to guess the RSA decryption key. The newfound Bleichenbacher attack, not yet named, works against Google’s new QUIC encryption protocol.

Previous warnings

In the past, individuals and organizations were advised against using only RSA key exchanges because of this vulnerability. The attack not only leads to the hacker stealing data but also allows them to impersonate and change the data in transmission. Victims in the past have included Citrix Net Scaler Application Delivery Controller, IBMs HTTP server and Cisco ASA’s product.s

During recent testings by researchers, vulnerabilities were found in GnuTLS, WolfSSL, Apple CoreTLS and Amazon s2n. These organizations consequently released patches.

Let us know your thoughts in the comments section.

Related posts

Apple Addressed Two Zero-Day Flaws In Intel-based Macs

Really Simple Security Plugin Flaw Risks 4+ Million WordPress Websites

Glove Stealer Emerges A New Malware Threat For Browsers