The ROBOT attack

Keywords: 
ROBOT, RSA, Bleichenbacher, DROWN
Description: 

ROBOT is the return of a 19-year-old vulnerability that allows extraction of the server's private key in certain cases if RSA is supported as a key exchange protocol. It is based on the well-known Bleichenbacher attack [2] and affects various implementations of TLS. For further details see [1].

Airlock WAF is not affected because current OpenSSL versions are not affected. Airlock Login/IAM is not affected, as it runs on Java 8 and BouncyCastle TLS is not used.

The TZ article [3] provides an overview of how Airlock WAF protects against different types of attacks on SSL/TLS.

Resolution: 

No action required

Component: 
Airlock
Airlock Vulnerability Status: 
Does not affect Airlock
Back-end Vulnerability Status: 
No action required