A new attack on the standard of encrypting web traffic just got a new famous vulnerability. In fact, the vulnerability is nothing really new—just something from 1998 that reappeared. Cryptographer Daniel Bleichenbacher found the original vulnerability. Therefore the new version is called “Return of Bleichenbacher’s Padding Oracle” — ROBOT.
The vulnerability is that the RSA algorithm stops at different times during its execution if certain error conditions are met. An attacker can use this to craft a specific request. With multiple such requests, he can decrypt traffic sent to and from the website.
To keep you safe, we have already updated our scanners. Effective immediately, you will see it in the dashboard if you are vulnerable. If you have not yet tested whether you are vulnerable for ROBOT (and dozens of other vulnerabilities), help yourself and get a free account on https://www.crashtest.cloud