The ROBOT attack

ROBOT, RSA, Bleichenbacher, DROWN

ROBOT is the return of a 19-year-old vulnerability that allows extraction of the server's private key in certain cases if RSA is supported as a key exchange protocol. It is based on the well-known Bleichenbacher attack [2] and affects various implementations of TLS. For further details see [1].

Airlock WAF is not affected because current OpenSSL versions are not affected. Airlock Login/IAM is not affected, as it runs on Java 8 and BouncyCastle TLS is not used.

The TZ article [3] provides an overview of how Airlock WAF protects against different types of attacks on SSL/TLS.


No action required

Airlock Vulnerability Status: Does not affect Airlock
Back-end Vulnerability Status: No action required