A vulnerability from last century, dubbed ROBOT (Return Of Bleichenbacher's Oracle Threat), is back and potentially impacts a number of major websites including Facebook and Paypal. ROBOT affects the handling of RSA encryption keys as they are applied to the TLS protocol. If a website uses these keys, it is possible to launch a man-in-the-middle attack by sending dodgy queries to the website that result in the session key being revealed. This allows an attacker to decrypt traffic between the web server and the browser.
Tripwire researcher Craig Young, along with several other researchers, detected and reported the flaw to a number of manufacturers whose hardware is affected.
Young said the flaws were first detected in 1998, but appropriate countermeasures were not properly implemented or tested. The flaw was reported as CVE-2017-6168 in the National Vulnerability Database last month, with the researchers going public this week.
Researchers have made available an online tool, via the ROBOT website (because every good vulnerability needs a website and logo!), that can be used to test public HTTPS servers. An analysis showed that at least 27 of the top 100 Alexa websites, including Facebook and Paypal, were affected. And, on the hardware side, products from Cisco, F5, Citrix and others are impacted. There's a list of specific products on the ROBOT and Tripwire sites.
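As an added illustration (not the article's or the ROBOT team's code) of the point above: the oracle only exists where the server uses its RSA key to decrypt a client-chosen ciphertext, that is, static RSA key exchange (TLS_RSA_* suites); suites with ECDHE/DHE key exchange merely sign with the key and are out of scope. The script below classifies cipher suites by key exchange, audits an OpenSSL-style cipher string such as an nginx `ssl_ciphers` value, and probes a host you administer with a TLS 1.2 handshake limited to static-RSA suites; the host name is a placeholder.

```python
# Added check (not from the article or the ROBOT project): does a server still
# offer static RSA key exchange, the precondition for a Bleichenbacher oracle?
import socket
import ssl

# OpenSSL name prefixes that denote a forward-secret or non-RSA key exchange.
_NON_RSA_KX = {"ECDHE", "DHE", "EDH", "ECDH", "DH", "ADH", "AECDH", "PSK", "SRP"}


def uses_rsa_key_exchange(suite: str) -> bool:
    """True when the suite encrypts the premaster secret to the server's RSA key.

    Accepts IANA names (TLS_RSA_WITH_AES_128_GCM_SHA256) and OpenSSL names
    (AES128-GCM-SHA256).  ECDHE/DHE suites only sign with the RSA key, and
    TLS 1.3 suites (TLS_AES_*, TLS_CHACHA20_*) have no RSA key exchange at all.
    """
    name = suite.strip().upper()
    if name.startswith("TLS_"):
        # IANA form: static RSA and RSA_PSK both send an RSA-encrypted premaster.
        return name.startswith(("TLS_RSA_WITH_", "TLS_RSA_PSK_WITH_"))
    head = name.split("-")[0]
    if head in _NON_RSA_KX:
        return False
    # Bare names (AES256-GCM-SHA384, DES-CBC3-SHA) and RSA-PSK-* are RSA key exchange.
    return True


def rsa_key_exchange_suites(cipher_string: str) -> list:
    """Expand an OpenSSL cipher string with the local OpenSSL and return the
    static-RSA suites it would enable (empty list means the string is clean)."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.set_ciphers(cipher_string)
    return [c["name"] for c in ctx.get_ciphers() if uses_rsa_key_exchange(c["name"])]


def server_accepts_rsa_key_exchange(host: str, port: int = 443, timeout: float = 5.0) -> bool:
    """Offer only static-RSA suites in a TLS 1.2 handshake.

    A completed handshake means the server will use its RSA key for decryption,
    so it is in scope for ROBOT: disable these suites (and apply the vendor fix).
    Certificate verification is off because the handshake, not the chain, is under test.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    ctx.minimum_version = ctx.maximum_version = ssl.TLSVersion.TLSv1_2
    ctx.set_ciphers("kRSA")  # OpenSSL keyword: static RSA key exchange only
    with socket.create_connection((host, port), timeout=timeout) as sock:
        try:
            with ctx.wrap_socket(sock, server_hostname=host) as tls:
                return uses_rsa_key_exchange(tls.cipher()[0])
        except ssl.SSLError:
            return False  # server refused every static-RSA suite


if __name__ == "__main__":
    import sys
    target = sys.argv[1] if len(sys.argv) > 1 else "example.com"  # placeholder host
    print(target, "offers RSA key exchange:", server_accepts_rsa_key_exchange(target))
```

Running the script against a server that reports `True` does not by itself prove a working oracle; it shows the key exchange ROBOT needs is still enabled, which is the setting to change.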
These sorts of vulnerabilities are something I've been concerned about for some time. Many of the tools and protocols that underpin the internet are quite old and were made at a time when the threat landscape was wildly different to today. The testing assumptions made back then, when these protocols and tools were first developed and deployed, are no longer valid. That means companies need to lift their game in looking for potential weaknesses and risks and question assumptions about what they think is safe.
That's not an easy thing to do, but when flaws that were first reported 20 years ago are exploitable, it's clear we need to update our approach. It's no longer sufficient to expect the only flaws we find to come from newly introduced systems. It's possible, even likely, that threat actors will look to exploit weaknesses in old protocols.