[SingCERT] Alert on the Return Of Bleichenbacher's Oracle Threat (ROBOT) Attack

Published on Thursday, 14 December 2017 16:40


On 12 December 2017, a group of security researchers published findings that indicated that Transport Layer Security (TLS) implementation using RSA ciphers are vulnerable and may lead to information disclosure risk. TLS is a widely used internet security protocol that provides data privacy and integrity between two communicating applications (i.e. browser and Internet Banking website).

This happens when applications with TLS implementation using RSA ciphers are subjected to adaptive-chosen-ciphertext attack. An attacker could send multiple selective ciphertexts to a victim for decryption. The results are then recorded and used to select subsequent ciphertexts, which will help to derive the TLS session keys. This vulnerability is named Return Of Bleichenbacher's Oracle Threat (ROBOT) Attack after Daniel Bleichenbacher who was the first person to discover this class of cryptosystem vulnerability 19 years ago (1998).

Affected Vendors/Implementations

The following vendors/implementations* are known to have TLS vulnerability:

  • Cisco CVE-2017-17428, CVE-2017-12373
  • Citrix CVE-2017-17382
  • Erlang CVE-2017-1000385
  • F5 Networks, Inc. CVE-2017-6168
  • Legion of the Bouncy Castle CVE-2017-13098
  • MatrixSSL CVE-2016-6883
  • Oracle Corporation CVE-2012-5081
  • Radware CVE-2017-17427
  • WolfSSL CVE-2017-13099


An attacker may be able to derive the TLS session key and fully decrypt the TLS traffic to access any sensitive information that is transmitted, such as login credentials and credit card numbers.


System administrators will need to patch their systems if their TLS are implemented using RSA ciphers by the affected vendors/implementations. Visit https://robotattack.org  for more information on the respective vendor's patches.

If patches are not available, consider disabling TLS RSA cipher suites, if possible, with the help of the product's documentation or seek assistance from the vendor.