TLS-Attacker V2.2 And The ROBOT Attack

We found out that many TLS implementations are still vulnerable to different variations of a 19-year old Bleichenbacher's attack. Since Hanno argued to have an attack name, we called it ROBOT: https://robotattack.org

Given the new attack variants, we released a new version of TLS-Attacker 2.2, which covers our vulnerabilities.

Bleichenbacher's attack from 1998

In 1998, Daniel Bleichenbacher discovered that the error messages given by SSL servers for errors in the PKCS #1 1.5 padding allow an adversary to execute an adaptive-chosen ciphertext attack. This attack also belongs to the category of padding oracle attacks. By performing the attack, the adversary exploits different responses returned by the server that decrypts the requests and validates the PKCS#1 1.5 padding. Given such a server, the attacker can use it as an oracle and decrypt ciphertexts.

We refer to one of our previous blog posts for more details.

OK, so what is new in our research?

In our research we performed scans of several well-known hosts and found out many of them are vulnerable to different forms of the attack. In the original paper, an oracle was constructed from a server that responded with different TLS alert messages. In 2014, further side-channels like timings were exploited. However, all the previous studies have considered mostly open source implementations. Only a few vulnerabilities have been found.

In our scans we could identify more than seven vulnerable products and open source software implementations, including F5, Radware, Cisco, Erlang, Bouncy Castle, or WolfSSL. We identified new side-channels triggered by incomplete protocol flows or TCP socket states.

For example, some F5 products would respond to a malformed ciphertext located in the ClientKeyExchange message with a TLS alert 40 (handshake failure) but allow connections to timeout if the decryption was successful. We could observe this behaviour only when sending incomplete TLS handshakes missing ChangeCipherSpec and Finished messages.

See our paper for more interesting results.

Release of TLS-Attacker 2.2

These new findings motivated us to implement the complete detection of Bleichenbacher attacks in our TLS-Attacker. Before our research, TLS-Attacker had implemented a basic Bleichenbacher attack evaluation with full TLS protocol flows. We extended this evaluation with shortened protocol flows with missing ChangeCipherSpec and Finished messages, and implemented an oracle detection based on TCP timeouts and duplicated TLS alerts. In addition, Robert (@ic0ns) added many fixes and merged features like replay attacks on 0-RTT in TLS 1.3.

You can find the newest version release here: https://github.com/RUB-NDS/TLS-Attacker/releases/tag/v2.2

TLS-Attacker allows you to automatically send differently formatted PKCS#1 encrypted messages and observe the server behavior:

$ java -jar Attacks.jar bleichenbacher -connect [host]:[port]

In case the server responds with different error messages, it is most likely vulnerable. The following example provides an example of a vulnerable server detection output:

14:12:42 [main] CONSOLE attacks.impl.Attacker - A server is considered vulnerable to this attack if it responds differently to the test vectors.
14:12:42 [main] CONSOLE attacks.impl.Attacker - A server is considered secure if it always responds the same way.
14:12:49 [main] CONSOLE attacks.impl.Attacker - Found a difference in responses in the Complete TLS protocol flow with CCS and Finished messages.
14:12:49 [main] CONSOLE attacks.impl.Attacker - The server seems to respond with different record contents.
14:12:49 [main] INFO  attacks.Main - Vulnerable:true

In this case TLS-Attacker identified that sending different PKCS#1 messages results in different server responses (the record contents are different).

More articles

1. Wifi Hacker Tools For Windows
2. Hacker Tools Free
3. Tools Used For Hacking
4. Best Hacking Tools 2019
5. Pentest Tools For Android
6. New Hacker Tools
7. Hacker Hardware Tools
8. How To Install Pentest Tools In Ubuntu
9. Hacker Security Tools
10. How To Hack
11. Hack Tool Apk
12. Hacker Tools Windows
13. Bluetooth Hacking Tools Kali
14. Hacking Tools Free Download
15. Wifi Hacker Tools For Windows
16. Hacking Tools For Kali Linux
17. Hacking Tools Github
18. Hacking Tools Windows 10
19. Pentest Tools For Windows
20. Beginner Hacker Tools
21. Hack Tools Mac
22. Black Hat Hacker Tools
23. Hacker Tools Software
24. Hacking Tools Download
25. Pentest Tools Url Fuzzer
26. Hacker Tools For Mac
27. Growth Hacker Tools
28. Hacker Tools Github
29. Hack Tools
30. Pentest Tools Github
31. Hack Tools 2019
32. Hacking Tools For Beginners
33. Hackrf Tools
34. Pentest Tools Tcp Port Scanner
35. Hacking App
36. Best Pentesting Tools 2018
37. Growth Hacker Tools
38. Usb Pentest Tools
39. Pentest Box Tools Download
40. Hacker Tool Kit
41. Pentest Tools Free
42. Hacking Tools Mac
43. Pentest Tools Tcp Port Scanner
44. Pentest Tools Linux
45. Hack Rom Tools
46. Pentest Tools For Windows
47. Github Hacking Tools
48. Hacks And Tools
49. Hacking Tools Download
50. Pentest Tools For Android
51. Kik Hack Tools
52. Hacker Tools Hardware
53. New Hacker Tools
54. Github Hacking Tools
55. Hacker Tools Free Download
56. Hacker Tools Linux
57. Hacking Tools Usb
58. Hacking Tools
59. Hacker Tools Free Download
60. Hacking Tools Windows 10
61. Kik Hack Tools
62. Hacking Tools For Beginners
63. How To Hack
64. Hacker Tools For Mac
65. New Hack Tools
66. Best Pentesting Tools 2018
67. Hacker Tools 2020
68. Hackers Toolbox
69. Pentest Tools For Windows
70. Best Pentesting Tools 2018
71. How To Hack
72. Pentest Tools Find Subdomains
73. Computer Hacker
74. Hacker Tools Windows
75. Pentest Tools Review
76. Android Hack Tools Github
77. Pentest Tools Apk
78. Hack Tools Online
79. Pentest Tools Android
80. Ethical Hacker Tools
81. Hacker Hardware Tools
82. Hacker Tools For Ios
83. Hacking Tools Online
84. Pentest Tools Subdomain
85. Hacking Tools 2020
86. Hacking Tools For Windows
87. Hacker Tools Mac
88. Hacking Tools
89. Nsa Hack Tools
90. Hacker Tools For Mac
91. Best Pentesting Tools 2018
92. Hacking Tools
93. Hacking Tools Software
94. Hackrf Tools
95. Best Hacking Tools 2020
96. Nsa Hack Tools Download
97. Hacking Tools 2020
98. Free Pentest Tools For Windows
99. Nsa Hack Tools
100. Tools 4 Hack
101. Best Pentesting Tools 2018
102. Hack Tools
103. Hacker Tools 2019
104. Hacking Tools Github
105. Pentest Box Tools Download
106. Hackers Toolbox
107. Pentest Tools Tcp Port Scanner
108. Hacking Tools For Beginners
109. Hack Website Online Tool
110. Hacking Tools Download
111. Hacking Tools 2020
112. Pentest Tools Alternative
113. Hack Tools Pc
114. Hack Tools 2019
115. Pentest Recon Tools
116. Nsa Hack Tools Download
117. Hack Tools For Windows
118. Nsa Hacker Tools
119. Ethical Hacker Tools
120. Pentest Tools For Android
121. Pentest Tools Apk
122. Hacker Tools
123. Hack Tools Pc
124. Pentest Tools Port Scanner
125. Github Hacking Tools
126. Github Hacking Tools
127. Android Hack Tools Github
128. Pentest Tools Apk
129. Hacker Tools 2019
130. Hack Tools For Mac
131. Hacker Search Tools
132. Hacking App
133. Pentest Tools Port Scanner
134. Hacker Tools Online
135. Android Hack Tools Github
136. Hack Tools Pc
137. Pentest Box Tools Download
138. How To Hack
139. Pentest Tools Tcp Port Scanner
140. Tools For Hacker
141. Pentest Tools For Android
142. Pentest Tools Review
143. Pentest Tools Review
144. Hacker
145. Tools Used For Hacking
146. Hacker Security Tools
147. Hacker Tools Software
148. Hacking Tools For Beginners
149. Bluetooth Hacking Tools Kali
150. Hack Apps
151. Beginner Hacker Tools
152. Hacking Tools 2020
153. Hacking Tools For Windows Free Download
154. Top Pentest Tools
155. Pentest Tools Port Scanner
156. World No 1 Hacker Software