Tuesday, December 12, 2017

TLS-Attacker v2.2 and the ROBOT attack

We found out that many TLS implementations are still vulnerable to different variations of a 19-year old Bleichenbacher's attack. Since Hanno argued to have an attack name, we called it ROBOT: https://robotattack.org

Given the new attack variants, we released a new version of TLS-Attacker 2.2, which covers our vulnerabilities.
Read more »
By at
Labels: , , ,
Subscribe to: Posts (Atom)

Beliebte Posts

  • DTD Cheat Sheet
    When evaluating the security of XML based services, one should always consider DTD based attack vectors, such as XML External Entities (XXE)...
  • CORS misconfigurations on a large scale
    Inspired by James Kettle 's great OWASP AppSec Europe talk on CORS misconfigurations, we decided to fiddle around with CORS security i...
  • Printer Security
    Printers belong arguably to the most common devices we use. They are available in every household, office, company, governmental, medic...
  • How To Spoof PDF Signatures
    One year ago, we received a contract as a PDF file. It was digitally signed. We looked at the document - ignoring the "certificate is n...
  • How to Break Microsoft Rights Management Services
    In this post, we provide a security analysis of Microsoft Rights Management Services (RMS) and present two working attacks:  We complete...