CVE-2017-13098

BouncyCastle JCE TLS Bleichenbacher/ROBOT

CVSS: 7.5 HIGH
EPSS: 24.3%
CWE: CWE-203
In short

BouncyCastle TLS versions before 1.0.3 have a flaw in how they handle RSA decryption during TLS connections: an attacker who makes repeated connection attempts can potentially recover the private key. This is a serious vulnerability for the confidentiality of encrypted communications.

Technical detail

BouncyCastle JCE TLS prior to 1.0.3 contains a Bleichenbacher oracle vulnerability (the ROBOT attack) when RSA key exchange cipher suites are negotiated. The vulnerability stems from timing or error-message differences in RSA decryption handling, which let an attacker distinguish valid from invalid ciphertexts and gradually recover the server's private key without any authentication.
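To make the oracle concrete, here is an added Python illustration (not BouncyCastle's code) of the two behaviours: a textbook PKCS#1 v1.5 unpadding routine whose distinct failure paths are exactly what an attacker can distinguish, beside the RFC 5246 section 7.4.7.1 countermeasure, which substitutes a random premaster secret on any failure so every bad ciphertext fails uniformly later in the handshake. The modulus size and sample inputs are constructed; the real fix for this CVE is upgrading to BouncyCastle 1.0.3 or later and preferring non-RSA key exchange.

```python
import secrets

PMS_LEN = 48  # TLS premaster secret length (RFC 5246, 7.4.7.1)


def unpad_pkcs1_v15_vulnerable(em: bytes) -> bytes:
    """Textbook PKCS#1 v1.5 block-type-2 unpadding with early exits.

    Each failure is a distinct, differently timed error. Whether the caller
    turns that into a different TLS alert or merely a timing difference, the
    distinction between 'padding ok' and 'padding bad' is the Bleichenbacher
    oracle this CVE describes.
    """
    if len(em) < 11 or em[0] != 0x00 or em[1] != 0x02:
        raise ValueError("bad block type")
    sep = em.find(b"\x00", 2)
    if sep == -1:
        raise ValueError("no separator")
    if sep < 10:
        raise ValueError("padding too short")
    return em[sep + 1:]


def tls_rsa_premaster_hardened(em: bytes, client_version: bytes) -> bytes:
    """RFC 5246 7.4.7.1 countermeasure: choose the fallback first, evaluate
    every check without early exit, then select the result with a mask.

    The caller always receives 48 bytes; on bad padding or a wrong version the
    random fallback makes the handshake fail later at Finished-MAC
    verification, which reveals nothing about the padding. (Python is not
    constant-time; the structural point is 'no distinct failure path'.)
    """
    fallback = client_version + secrets.token_bytes(PMS_LEN - 2)
    n = len(em)
    if n < PMS_LEN + 11:          # length equals the modulus size: public, safe to branch on
        return fallback
    sep = n - PMS_LEN - 1         # a 48-byte payload fixes the separator position
    bad = em[0] | (em[1] ^ 0x02) | em[sep]
    for b in em[2:sep]:           # any zero byte inside the padding string is a failure
        bad |= ((b - 1) >> 8) & 1
    candidate = em[sep + 1:]
    bad |= (candidate[0] ^ client_version[0]) | (candidate[1] ^ client_version[1])
    good = ((bad - 1) >> 8) & 1   # 1 only when every check passed
    mask = -good & 0xFF           # 0xFF selects candidate, 0x00 selects fallback
    return bytes((c & mask) | (f & ~mask & 0xFF) for c, f in zip(candidate, fallback))
```

Run the hardened function on a valid block and on the same block with one padding byte changed: the first returns the embedded secret, the second a fresh 48-byte value with no error, which is what denies the attacker the oracle.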

Summary generated and translated by AI from the official description.

Official description

BouncyCastle TLS prior to version 1.0.3, when configured to use the JCE (Java Cryptography Extension) for cryptographic functions, provides a weak Bleichenbacher oracle when any TLS cipher suite using RSA key exchange is negotiated. An attacker can recover the private key from a vulnerable application. This vulnerability is referred to as "ROBOT."

CVSS vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
