CVE-2017-13099
wolfSSL Bleichenbacher/ROBOT
In short
wolfSSL versions before 3.12.2 have a weakness in how they handle RSA encryption during TLS connections, allowing attackers to gradually figure out the private key through repeated connection attempts. This is a serious flaw that can compromise the entire security of encrypted communications.
Technical detail
wolfSSL prior to 3.12.2 exposes a weak Bleichenbacher oracle in RSA key exchange cipher suites, enabling padding oracle attacks (ROBOT). An unauthenticated attacker can exploit timing or error response differences to perform plaintext recovery and progressively derive the private key. This impacts the confidentiality of all TLS sessions that use RSA key exchange.
Summary generated and translated by AI from the official description.
wolfSSL prior to version 3.12.2 provides a weak Bleichenbacher oracle when any TLS cipher suite using RSA key exchange is negotiated. An attacker can recover the private key from a vulnerable wolfSSL application. This vulnerability is referred to as "ROBOT."
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
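The standard server-side countermeasure to a Bleichenbacher oracle (RFC 5246, section 7.4.7.1) is to treat a malformed RSA-decrypted premaster secret exactly like a well-formed one, silently substituting random bytes so that neither the error response nor the code path differs. The C sketch below is an added illustration of that countermeasure, not wolfSSL's code or its 3.12.2 fix; the function names and the constructed 256-byte sample block are assumptions made for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define PMS_LEN 48 /* TLS premaster secret: 2 version bytes + 46 random bytes */

/* 0xFF if x == 0, else 0x00, computed without a data-dependent branch. */
static uint8_t ct_is_zero(uint32_t x)
{
    return (uint8_t)(0u - (((x - 1u) & ~x) >> 31));
}

/* em: RSA-decrypted block of k bytes; fallback: random bytes drawn BEFORE
 * decryption. Writes the premaster to continue with; reports no error. */
void tls_rsa_select_premaster(const uint8_t *em, size_t k, uint8_t ver_major,
                              uint8_t ver_minor, const uint8_t *fallback,
                              uint8_t *out)
{
    uint32_t bad = 0;
    size_t i, sep;
    uint8_t mask;

    if (k < PMS_LEN + 11) { memcpy(out, fallback, PMS_LEN); return; } /* k is public */
    sep = k - PMS_LEN - 1;                    /* 0x00 separator must sit here */
    bad |= em[0];                             /* leading byte must be 0x00 */
    bad |= (uint32_t)(em[1] ^ 0x02);          /* block type must be 0x02 */
    for (i = 2; i < sep; i++)
        bad |= ct_is_zero(em[i]);             /* padding bytes must be nonzero */
    bad |= em[sep];
    bad |= (uint32_t)(em[sep + 1] ^ ver_major); /* version from ClientHello */
    bad |= (uint32_t)(em[sep + 2] ^ ver_minor);
    mask = ct_is_zero(bad);                   /* 0xFF = well formed, 0x00 = not */
    for (i = 0; i < PMS_LEN; i++)
        out[i] = (uint8_t)((em[sep + 1 + i] & mask) | (fallback[i] & (uint8_t)~mask));
}

/* Constructed sample: a well-formed 256-byte block with one byte overwritten.
 * Returns 1 if the decrypted premaster was kept, 0 if the fallback replaced it. */
int demo_keeps_real_premaster(size_t tamper_at, uint8_t tamper_val)
{
    uint8_t em[256], fb[PMS_LEN], out[PMS_LEN];
    memset(em, 0xAA, sizeof em);
    memset(fb, 0x55, sizeof fb);
    em[0] = 0x00; em[1] = 0x02; em[207] = 0x00; em[208] = 0x03; em[209] = 0x03;
    em[tamper_at] = tamper_val;
    tls_rsa_select_premaster(em, sizeof em, 3, 3, fb, out);
    return memcmp(out, em + 208, PMS_LEN) == 0;
}
```

With the fallback in place the handshake proceeds and fails only at the Finished message, identically for every kind of malformed block.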
Affected products
wolfSSL · wolfSSL