Sunday, August 30, 2020

TLS-Attacker V2.2 And The ROBOT Attack

We found out that many TLS implementations are still vulnerable to different variations of a 19-year old Bleichenbacher's attack. Since Hanno argued to have an attack name, we called it ROBOT: https://robotattack.org

Given the new attack variants, we released a new version of TLS-Attacker 2.2, which covers our vulnerabilities.

Bleichenbacher's attack from 1998

In 1998, Daniel Bleichenbacher discovered that the error messages given by SSL servers for errors in the PKCS #1 1.5 padding allow an adversary to execute an adaptive-chosen ciphertext attack. This attack also belongs to the category of padding oracle attacks. By performing the attack, the adversary exploits different responses returned by the server that decrypts the requests and validates the PKCS#1 1.5 padding. Given such a server, the attacker can use it as an oracle and decrypt ciphertexts.
We refer to one of our previous blog posts for more details.

OK, so what is new in our research?

In our research we performed scans of several well-known hosts and found out many of them are vulnerable to different forms of the attack. In the original paper, an oracle was constructed from a server that responded with different TLS alert messages. In 2014, further side-channels like timings were exploited. However, all the previous studies have considered mostly open source implementations. Only a few vulnerabilities have been found.

In our scans we could identify more than seven vulnerable products and open source software implementations, including F5, Radware, Cisco, Erlang, Bouncy Castle, or WolfSSL. We identified new side-channels triggered by incomplete protocol flows or TCP socket states.

For example, some F5 products would respond to a malformed ciphertext located in the ClientKeyExchange message with a TLS alert 40 (handshake failure) but allow connections to timeout if the decryption was successful. We could observe this behaviour only when sending incomplete TLS handshakes missing ChangeCipherSpec and Finished messages.
See our paper for more interesting results.

Release of TLS-Attacker 2.2

These new findings motivated us to implement the complete detection of Bleichenbacher attacks in our TLS-Attacker. Before our research, TLS-Attacker had implemented a basic Bleichenbacher attack evaluation with full TLS protocol flows. We extended this evaluation with shortened protocol flows with missing ChangeCipherSpec and Finished messages, and implemented an oracle detection based on TCP timeouts and duplicated TLS alerts. In addition, Robert (@ic0ns) added many fixes and merged features like replay attacks on 0-RTT in TLS 1.3.
You can find the newest version release here: https://github.com/RUB-NDS/TLS-Attacker/releases/tag/v2.2

TLS-Attacker allows you to automatically send differently formatted PKCS#1 encrypted messages and observe the server behavior:
$ java -jar Attacks.jar bleichenbacher -connect [host]:[port]
In case the server responds with different error messages, it is most likely vulnerable. The following example provides an example of a vulnerable server detection output:
14:12:42 [main] CONSOLE attacks.impl.Attacker - A server is considered vulnerable to this attack if it responds differently to the test vectors.
14:12:42 [main] CONSOLE attacks.impl.Attacker - A server is considered secure if it always responds the same way.
14:12:49 [main] CONSOLE attacks.impl.Attacker - Found a difference in responses in the Complete TLS protocol flow with CCS and Finished messages.
14:12:49 [main] CONSOLE attacks.impl.Attacker - The server seems to respond with different record contents.
14:12:49 [main] INFO  attacks.Main - Vulnerable:true
In this case TLS-Attacker identified that sending different PKCS#1 messages results in different server responses (the record contents are different).
Related links

  1. Hacking Tools For Beginners
  2. Hacking Tools Windows
  3. Hacker Hardware Tools
  4. Pentest Automation Tools
  5. Usb Pentest Tools
  6. Hacking Tools 2020
  7. Pentest Tools Download
  8. Hack Tools 2019
  9. Hack Tool Apk No Root
  10. Pentest Tools Linux
  11. Hacker Tools Online
  12. Hacking Tools For Pc
  13. New Hack Tools
  14. Hacking Tools Software
  15. Bluetooth Hacking Tools Kali
  16. Android Hack Tools Github
  17. Physical Pentest Tools
  18. Hacker Tools Apk Download
  19. Pentest Tools Alternative
  20. Pentest Tools Tcp Port Scanner
  21. Hack Rom Tools
  22. Hacking Apps
  23. Easy Hack Tools
  24. Pentest Tools Website
  25. Best Pentesting Tools 2018
  26. Hacking Tools Usb
  27. Pentest Tools Nmap
  28. Hacker Tool Kit
  29. Pentest Tools Website Vulnerability
  30. Hacking Tools Windows
  31. How To Install Pentest Tools In Ubuntu
  32. Hack Tools For Games
  33. Hack Tools Online
  34. Ethical Hacker Tools
  35. Hacking Tools Kit
  36. Hack Tools Download
  37. Hack Tool Apk No Root
  38. Hacking Tools For Windows 7
  39. Hack Tools Mac
  40. Pentest Tools Android
  41. Hack Tools For Windows
  42. Hack And Tools
  43. Pentest Tools Bluekeep
  44. Hacking App
  45. Hacker Tools Apk Download
  46. Hack Tools Download
  47. Nsa Hack Tools Download
  48. Hacker Hardware Tools
  49. Kik Hack Tools
  50. Black Hat Hacker Tools
  51. Github Hacking Tools
  52. Hacker Tools For Mac
  53. Top Pentest Tools
  54. Hacking Tools And Software
  55. Hack Tools For Games
  56. Hacker Tools Linux
  57. How To Hack
  58. Hacker Hardware Tools
  59. Blackhat Hacker Tools
  60. How To Install Pentest Tools In Ubuntu
  61. Pentest Tools Find Subdomains
  62. Hacking Tools Pc
  63. Hacker Search Tools
  64. Pentest Tools Apk
  65. Hacker Tools Github
  66. Hacker Hardware Tools
  67. Hacker Tools List
  68. What Is Hacking Tools
  69. Hacker Tools 2020
  70. What Are Hacking Tools
  71. Hack Tools For Games
  72. Nsa Hack Tools
  73. Hacking Tools For Windows
  74. Ethical Hacker Tools
  75. Pentest Tools For Android
  76. Best Hacking Tools 2020
  77. Hacking Tools Kit
  78. Hacking Tools Name
  79. Hacker Tools Apk
  80. Pentest Tools Android
  81. Pentest Tools Kali Linux
  82. Hack Website Online Tool
  83. Hack Tools Online
  84. Pentest Tools Windows
  85. Pentest Recon Tools
  86. Hacker Tools Free Download
  87. Hak5 Tools
  88. Pentest Tools
  89. Pentest Tools Subdomain
  90. Hacking Tools Windows
  91. Pentest Automation Tools
  92. Hacker Techniques Tools And Incident Handling
  93. Pentest Tools Download
  94. Hacks And Tools
  95. Hack Tools For Pc
  96. Pentest Tools Open Source
  97. Hack Tools For Ubuntu
  98. Hacker Techniques Tools And Incident Handling
  99. Hack Tools
  100. Hacker Tools Github
  101. Hacker Tools For Ios
Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)