Thursday, August 27, 2020

TLS-Attacker V2.2 And The ROBOT Attack

We found out that many TLS implementations are still vulnerable to different variations of a 19-year old Bleichenbacher's attack. Since Hanno argued to have an attack name, we called it ROBOT: https://robotattack.org

Given the new attack variants, we released a new version of TLS-Attacker 2.2, which covers our vulnerabilities.

Bleichenbacher's attack from 1998

In 1998, Daniel Bleichenbacher discovered that the error messages given by SSL servers for errors in the PKCS #1 1.5 padding allow an adversary to execute an adaptive-chosen ciphertext attack. This attack also belongs to the category of padding oracle attacks. By performing the attack, the adversary exploits different responses returned by the server that decrypts the requests and validates the PKCS#1 1.5 padding. Given such a server, the attacker can use it as an oracle and decrypt ciphertexts.
We refer to one of our previous blog posts for more details.

OK, so what is new in our research?

In our research we performed scans of several well-known hosts and found out many of them are vulnerable to different forms of the attack. In the original paper, an oracle was constructed from a server that responded with different TLS alert messages. In 2014, further side-channels like timings were exploited. However, all the previous studies have considered mostly open source implementations. Only a few vulnerabilities have been found.

In our scans we could identify more than seven vulnerable products and open source software implementations, including F5, Radware, Cisco, Erlang, Bouncy Castle, or WolfSSL. We identified new side-channels triggered by incomplete protocol flows or TCP socket states.

For example, some F5 products would respond to a malformed ciphertext located in the ClientKeyExchange message with a TLS alert 40 (handshake failure) but allow connections to timeout if the decryption was successful. We could observe this behaviour only when sending incomplete TLS handshakes missing ChangeCipherSpec and Finished messages.
See our paper for more interesting results.

Release of TLS-Attacker 2.2

These new findings motivated us to implement the complete detection of Bleichenbacher attacks in our TLS-Attacker. Before our research, TLS-Attacker had implemented a basic Bleichenbacher attack evaluation with full TLS protocol flows. We extended this evaluation with shortened protocol flows with missing ChangeCipherSpec and Finished messages, and implemented an oracle detection based on TCP timeouts and duplicated TLS alerts. In addition, Robert (@ic0ns) added many fixes and merged features like replay attacks on 0-RTT in TLS 1.3.
You can find the newest version release here: https://github.com/RUB-NDS/TLS-Attacker/releases/tag/v2.2

TLS-Attacker allows you to automatically send differently formatted PKCS#1 encrypted messages and observe the server behavior:
$ java -jar Attacks.jar bleichenbacher -connect [host]:[port]
In case the server responds with different error messages, it is most likely vulnerable. The following example provides an example of a vulnerable server detection output:
14:12:42 [main] CONSOLE attacks.impl.Attacker - A server is considered vulnerable to this attack if it responds differently to the test vectors.
14:12:42 [main] CONSOLE attacks.impl.Attacker - A server is considered secure if it always responds the same way.
14:12:49 [main] CONSOLE attacks.impl.Attacker - Found a difference in responses in the Complete TLS protocol flow with CCS and Finished messages.
14:12:49 [main] CONSOLE attacks.impl.Attacker - The server seems to respond with different record contents.
14:12:49 [main] INFO  attacks.Main - Vulnerable:true
In this case TLS-Attacker identified that sending different PKCS#1 messages results in different server responses (the record contents are different).

Related posts


  1. Android Hack Tools Github
  2. Pentest Tools Subdomain
  3. Install Pentest Tools Ubuntu
  4. Hack Tools Github
  5. Pentest Tools Nmap
  6. Pentest Tools
  7. Hacker Tools Apk
  8. Hacking Tools For Beginners
  9. Hackers Toolbox
  10. Hacker Tools
  11. Hack Tools For Pc
  12. Hacking Tools For Kali Linux
  13. Easy Hack Tools
  14. Pentest Tools Alternative
  15. Nsa Hacker Tools
  16. Hacker Security Tools
  17. Hacker Tool Kit
  18. Hack Tools
  19. Computer Hacker
  20. Hack Apps
  21. Pentest Tools Windows
  22. What Is Hacking Tools
  23. Pentest Tools For Windows
  24. Growth Hacker Tools
  25. Pentest Tools Alternative
  26. Hacker Tools List
  27. Hacks And Tools
  28. Usb Pentest Tools
  29. Hacking Tools Hardware
  30. New Hacker Tools
  31. Pentest Tools Framework
  32. Hacker Tools For Mac
  33. Hacker Tools
  34. Pentest Tools Url Fuzzer
  35. Game Hacking
  36. Pentest Automation Tools
  37. Hacker Tools Linux
  38. Hack Tool Apk No Root
  39. Hacker Tools For Pc
  40. Pentest Tools For Mac
  41. Pentest Tools Windows
  42. Hacking Tools For Kali Linux
  43. Pentest Tools Review
  44. Hack Tools For Mac
  45. Hak5 Tools
  46. Hacking Tools Online
  47. Hack Tools Mac
  48. Hacker Tools Apk Download
  49. Hack Tools Pc
  50. Pentest Tools Website
  51. How To Install Pentest Tools In Ubuntu
  52. Hack Tools For Games
  53. What Are Hacking Tools
  54. Hacking Tools Hardware
  55. Hacker Tools For Ios
  56. Hacking Apps
  57. Pentest Tools Download
  58. Hacker Tools Windows
  59. Hacker Tools Software
  60. Hack Website Online Tool
  61. Hacker Tools For Ios
  62. Hacker Tools Hardware
  63. Nsa Hack Tools
  64. Hacking Tools Free Download
  65. Pentest Tools Apk
  66. Hacker Hardware Tools
  67. Hack Rom Tools
  68. Pentest Tools Windows
  69. Hacker Security Tools
  70. Hacker Tool Kit
  71. Hacking Tools For Games
  72. Hacker Tools
  73. New Hack Tools
  74. Pentest Tools Online
  75. Pentest Tools For Android
  76. Hacking Tools For Kali Linux
  77. Hack Tools For Pc
  78. Hacking Tools For Beginners
  79. Wifi Hacker Tools For Windows
  80. Growth Hacker Tools
  81. Hack Website Online Tool
  82. Pentest Tools Windows
  83. Hacker Tools Mac
  84. Hacking Tools Windows 10
  85. Pentest Tools Kali Linux
  86. Black Hat Hacker Tools
  87. Pentest Tools Url Fuzzer
  88. Hacker Tools Hardware
  89. Hack Tools
  90. Hacker Tools Free Download
  91. Hacker Tools For Mac
  92. Hacker Tools Software
  93. Pentest Tools List
  94. Pentest Tools Windows
  95. Hack Tools For Games
  96. Hackrf Tools
  97. Pentest Tools Apk
  98. Pentest Tools
  99. Hacking Tools For Windows 7
  100. Computer Hacker
  101. Pentest Reporting Tools
  102. Hacker Tools Software
  103. Pentest Tools Framework
  104. Pentest Tools Bluekeep
  105. Hacker
  106. Hacking Tools Name
  107. Best Hacking Tools 2019
  108. Pentest Box Tools Download
  109. Install Pentest Tools Ubuntu
  110. Pentest Tools For Android
  111. Bluetooth Hacking Tools Kali
  112. Hacking Tools Hardware
  113. Hack Tools For Mac
  114. Hack Tools Online
  115. Hacking Apps
  116. Hacker Tools 2020
  117. Hack App
  118. Hacker Tools Github
  119. Hacking Tools 2020
  120. Hacking Tools Pc
  121. Pentest Tools Kali Linux
  122. Hacking Tools Download
  123. Hack Tools
  124. Hacking Tools Hardware
  125. Hackrf Tools
  126. Best Hacking Tools 2019
  127. Beginner Hacker Tools
  128. Hacking App
  129. Pentest Tools For Mac
  130. Hack Apps
  131. Pentest Tools For Android
  132. Hak5 Tools
  133. Hak5 Tools
  134. Best Hacking Tools 2020
  135. Hack Tools 2019
  136. Hacking Tools For Windows 7
  137. Hacking Tools Usb
  138. Hak5 Tools
  139. Hacking Tools Kit
  140. Pentest Tools Apk
  141. Hacker Hardware Tools
  142. Hack Tool Apk
  143. Black Hat Hacker Tools
  144. Hacking Tools Windows
  145. Pentest Tools For Ubuntu
  146. Hack Rom Tools
Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)