TLS-Attacker V2.2 And The ROBOT Attack

Posted by Daniel Vievo

We found out that many TLS implementations are still vulnerable to different variations of a 19-year old Bleichenbacher's attack. Since Hanno argued to have an attack name, we called it ROBOT: https://robotattack.org

Given the new attack variants, we released a new version of TLS-Attacker 2.2, which covers our vulnerabilities.

Bleichenbacher's attack from 1998

In 1998, Daniel Bleichenbacher discovered that the error messages given by SSL servers for errors in the PKCS #1 1.5 padding allow an adversary to execute an adaptive-chosen ciphertext attack. This attack also belongs to the category of padding oracle attacks. By performing the attack, the adversary exploits different responses returned by the server that decrypts the requests and validates the PKCS#1 1.5 padding. Given such a server, the attacker can use it as an oracle and decrypt ciphertexts.
We refer to one of our previous blog posts for more details.

OK, so what is new in our research?

In our research we performed scans of several well-known hosts and found out many of them are vulnerable to different forms of the attack. In the original paper, an oracle was constructed from a server that responded with different TLS alert messages. In 2014, further side-channels like timings were exploited. However, all the previous studies have considered mostly open source implementations. Only a few vulnerabilities have been found.

In our scans we could identify more than seven vulnerable products and open source software implementations, including F5, Radware, Cisco, Erlang, Bouncy Castle, or WolfSSL. We identified new side-channels triggered by incomplete protocol flows or TCP socket states.

For example, some F5 products would respond to a malformed ciphertext located in the ClientKeyExchange message with a TLS alert 40 (handshake failure) but allow connections to timeout if the decryption was successful. We could observe this behaviour only when sending incomplete TLS handshakes missing ChangeCipherSpec and Finished messages.
See our paper for more interesting results.

Release of TLS-Attacker 2.2

These new findings motivated us to implement the complete detection of Bleichenbacher attacks in our TLS-Attacker. Before our research, TLS-Attacker had implemented a basic Bleichenbacher attack evaluation with full TLS protocol flows. We extended this evaluation with shortened protocol flows with missing ChangeCipherSpec and Finished messages, and implemented an oracle detection based on TCP timeouts and duplicated TLS alerts. In addition, Robert (@ic0ns) added many fixes and merged features like replay attacks on 0-RTT in TLS 1.3.
You can find the newest version release here: https://github.com/RUB-NDS/TLS-Attacker/releases/tag/v2.2

TLS-Attacker allows you to automatically send differently formatted PKCS#1 encrypted messages and observe the server behavior:
$ java -jar Attacks.jar bleichenbacher -connect [host]:[port]
In case the server responds with different error messages, it is most likely vulnerable. The following example provides an example of a vulnerable server detection output:
14:12:42 [main] CONSOLE attacks.impl.Attacker - A server is considered vulnerable to this attack if it responds differently to the test vectors.
14:12:42 [main] CONSOLE attacks.impl.Attacker - A server is considered secure if it always responds the same way.
14:12:49 [main] CONSOLE attacks.impl.Attacker - Found a difference in responses in the Complete TLS protocol flow with CCS and Finished messages.
14:12:49 [main] CONSOLE attacks.impl.Attacker - The server seems to respond with different record contents.
14:12:49 [main] INFO  attacks.Main - Vulnerable:true
In this case TLS-Attacker identified that sending different PKCS#1 messages results in different server responses (the record contents are different).

More information


  1. Hacker Tools Software
  2. Hacker Security Tools
  3. Hackers Toolbox
  4. Hacker Tools List
  5. Pentest Tools Download
  6. Hacking Tools Windows 10
  7. Hack Tools For Games
  8. Computer Hacker
  9. Pentest Tools Port Scanner
  10. How To Make Hacking Tools
  11. Hack Rom Tools
  12. Hacker Tools 2019
  13. Pentest Tools For Mac
  14. Hacking Tools 2020
  15. Hack Tools Online
  16. Best Pentesting Tools 2018
  17. Hacking Tools Download
  18. Hacking Tools Windows 10
  19. Tools Used For Hacking
  20. Best Hacking Tools 2020
  21. Hacking App
  22. Pentest Tools Framework
  23. Wifi Hacker Tools For Windows
  24. Hacking Tools For Windows Free Download
  25. Nsa Hack Tools
  26. Pentest Reporting Tools
  27. Hacking Tools 2020
  28. Black Hat Hacker Tools
  29. Pentest Tools Url Fuzzer
  30. Wifi Hacker Tools For Windows
  31. Growth Hacker Tools
  32. Hacker Techniques Tools And Incident Handling
  33. Bluetooth Hacking Tools Kali
  34. Pentest Box Tools Download
  35. Nsa Hack Tools Download
  36. Pentest Tools Online
  37. Best Pentesting Tools 2018
  38. Pentest Tools Bluekeep
  39. Hacker Tools Online
  40. Hack Tools Download
  41. Hack Tools Download
  42. Hack Tools For Games
  43. Hacking Tools Free Download
  44. Pentest Tools Free
  45. Hack Tool Apk No Root
  46. Hacking Tools Pc
  47. Hacker Techniques Tools And Incident Handling
  48. Hack Tools Github
  49. Hack Tools Download
  50. Pentest Tools Website Vulnerability
  51. How To Make Hacking Tools
  52. Hacker Tools For Mac
  53. Hack Tools 2019
  54. Hacking Apps
  55. Free Pentest Tools For Windows
  56. Hackers Toolbox
  57. Pentest Tools Windows
  58. Hackers Toolbox
  59. Hacking Tools Windows 10
  60. Hacker Tools Online
  61. Hacker Tools For Pc
  62. Hacker Security Tools
  63. Pentest Tools Website
  64. Hack Tools Github
  65. Tools 4 Hack
  66. Pentest Tools Port Scanner
  67. Hacking Tools Hardware
  68. Hack Tools For Windows
  69. Hacking Tools Usb
  70. Pentest Tools For Android
  71. Hack Tools For Ubuntu
  72. Hacker Tools Linux
  73. Pentest Tools Apk
  74. Hacking Tools Pc
  75. Hack Tools Online
  76. Hack Apps
  77. Github Hacking Tools
  78. Hack Tools
  79. Hacking Tools 2019
  80. Black Hat Hacker Tools
  81. Pentest Tools Windows
  82. Github Hacking Tools
  83. Pentest Tools Find Subdomains
  84. How To Make Hacking Tools
  85. Pentest Tools Free
  86. Pentest Tools Online
  87. Hacker Tools Github
  88. Hack Tools For Mac
  89. Pentest Tools Port Scanner
  90. Pentest Tools Windows
  91. Pentest Tools Kali Linux
  92. Blackhat Hacker Tools
  93. Hack And Tools
  94. Hacking Tools For Pc
  95. Github Hacking Tools
  96. Pentest Tools Review
  97. Hack Tools Mac
  98. Hacking Tools Software
  99. Best Hacking Tools 2020
  100. Pentest Tools Tcp Port Scanner
  101. Termux Hacking Tools 2019
  102. Hacking Tools Software
  103. Hacking Tools Online
  104. Hack Apps
  105. Hacking Tools Mac
  106. Pentest Tools Tcp Port Scanner
  107. Hacking Tools
  108. Hacking Tools
  109. Hack Tools Mac
  110. Install Pentest Tools Ubuntu
  111. Pentest Tools
  112. Hacking Tools 2020
  113. Hack Tools
  114. Termux Hacking Tools 2019
  115. Nsa Hacker Tools
  116. Hack Tools 2019
  117. Hacker Tools Hardware
  118. Github Hacking Tools
  119. Pentest Tools For Ubuntu
  120. Kik Hack Tools
  121. Hacker Tools Online
  122. Pentest Tools Website
  123. Pentest Tools Linux
  124. Termux Hacking Tools 2019
  125. Pentest Tools Nmap
  126. Pentest Tools Subdomain
  127. Hacker Tools Free Download
  128. New Hack Tools
  129. Hacker
  130. Hack Tools
  131. Pentest Tools
  132. Hacker Search Tools
  133. Pentest Tools Framework
  134. Pentest Tools List
  135. Hacker Tools Mac
  136. What Is Hacking Tools
  137. Tools Used For Hacking
  138. Hacking Tools For Kali Linux
  139. Hack Apps
  140. Hacker
  141. Hackers Toolbox
  142. Pentest Tools Framework

|

0 comments:

Post a Comment

Subscribe to: Post Comments (Atom)