Friday, August 21, 2020

TLS-Attacker V2.2 And The ROBOT Attack

We found out that many TLS implementations are still vulnerable to different variations of a 19-year old Bleichenbacher's attack. Since Hanno argued to have an attack name, we called it ROBOT: https://robotattack.org

Given the new attack variants, we released a new version of TLS-Attacker 2.2, which covers our vulnerabilities.

Bleichenbacher's attack from 1998

In 1998, Daniel Bleichenbacher discovered that the error messages given by SSL servers for errors in the PKCS #1 1.5 padding allow an adversary to execute an adaptive-chosen ciphertext attack. This attack also belongs to the category of padding oracle attacks. By performing the attack, the adversary exploits different responses returned by the server that decrypts the requests and validates the PKCS#1 1.5 padding. Given such a server, the attacker can use it as an oracle and decrypt ciphertexts.
We refer to one of our previous blog posts for more details.

OK, so what is new in our research?

In our research we performed scans of several well-known hosts and found out many of them are vulnerable to different forms of the attack. In the original paper, an oracle was constructed from a server that responded with different TLS alert messages. In 2014, further side-channels like timings were exploited. However, all the previous studies have considered mostly open source implementations. Only a few vulnerabilities have been found.

In our scans we could identify more than seven vulnerable products and open source software implementations, including F5, Radware, Cisco, Erlang, Bouncy Castle, or WolfSSL. We identified new side-channels triggered by incomplete protocol flows or TCP socket states.

For example, some F5 products would respond to a malformed ciphertext located in the ClientKeyExchange message with a TLS alert 40 (handshake failure) but allow connections to timeout if the decryption was successful. We could observe this behaviour only when sending incomplete TLS handshakes missing ChangeCipherSpec and Finished messages.
See our paper for more interesting results.

Release of TLS-Attacker 2.2

These new findings motivated us to implement the complete detection of Bleichenbacher attacks in our TLS-Attacker. Before our research, TLS-Attacker had implemented a basic Bleichenbacher attack evaluation with full TLS protocol flows. We extended this evaluation with shortened protocol flows with missing ChangeCipherSpec and Finished messages, and implemented an oracle detection based on TCP timeouts and duplicated TLS alerts. In addition, Robert (@ic0ns) added many fixes and merged features like replay attacks on 0-RTT in TLS 1.3.
You can find the newest version release here: https://github.com/RUB-NDS/TLS-Attacker/releases/tag/v2.2

TLS-Attacker allows you to automatically send differently formatted PKCS#1 encrypted messages and observe the server behavior:
$ java -jar Attacks.jar bleichenbacher -connect [host]:[port]
In case the server responds with different error messages, it is most likely vulnerable. The following example provides an example of a vulnerable server detection output:
14:12:42 [main] CONSOLE attacks.impl.Attacker - A server is considered vulnerable to this attack if it responds differently to the test vectors.
14:12:42 [main] CONSOLE attacks.impl.Attacker - A server is considered secure if it always responds the same way.
14:12:49 [main] CONSOLE attacks.impl.Attacker - Found a difference in responses in the Complete TLS protocol flow with CCS and Finished messages.
14:12:49 [main] CONSOLE attacks.impl.Attacker - The server seems to respond with different record contents.
14:12:49 [main] INFO  attacks.Main - Vulnerable:true
In this case TLS-Attacker identified that sending different PKCS#1 messages results in different server responses (the record contents are different).
Related articles
  1. Ethical Hacker Tools
  2. Hack Tools For Games
  3. Hack Tools
  4. Best Hacking Tools 2019
  5. Bluetooth Hacking Tools Kali
  6. Beginner Hacker Tools
  7. Pentest Tools Tcp Port Scanner
  8. Hacker Tools For Ios
  9. Hacking Tools Name
  10. Kik Hack Tools
  11. Hacker Tools 2019
  12. Tools 4 Hack
  13. Android Hack Tools Github
  14. Hacking Tools For Pc
  15. Hack Tools
  16. Hackers Toolbox
  17. Hackers Toolbox
  18. Hacker Tools Free Download
  19. New Hacker Tools
  20. How To Make Hacking Tools
  21. Hacking Tools Windows
  22. Pentest Tools Linux
  23. Hacker Techniques Tools And Incident Handling
  24. Hacker Search Tools
  25. Pentest Recon Tools
  26. Hack Tools Github
  27. Hack Tools 2019
  28. Hack Tools For Windows
  29. Best Pentesting Tools 2018
  30. Hack Tools For Mac
  31. Hacker Tools Mac
  32. Pentest Tools Website Vulnerability
  33. Pentest Tools Open Source
  34. Black Hat Hacker Tools
  35. Pentest Tools For Windows
  36. Install Pentest Tools Ubuntu
  37. Hack Tools Download
  38. Hack Tools
  39. Hacker Tools Mac
  40. Beginner Hacker Tools
  41. New Hacker Tools
  42. Hacking Apps
  43. How To Make Hacking Tools
  44. Hacking Tools Windows
  45. Install Pentest Tools Ubuntu
  46. Hack Tools For Games
  47. World No 1 Hacker Software
  48. Pentest Tools For Mac
  49. Hack App
  50. Install Pentest Tools Ubuntu
  51. Bluetooth Hacking Tools Kali
  52. Hacker Tools Apk Download
  53. Hacker Tools Free
  54. Hacking Tools Kit
  55. Hacking Tools Kit
  56. Hacking Tools And Software
  57. Pentest Tools Alternative
  58. Hacking Tools For Windows Free Download
  59. Pentest Tools Nmap
  60. Hacking Tools 2020
  61. Hack Tools Github
  62. Growth Hacker Tools
  63. Hacker Tools Linux
  64. Hacker Tools Apk
  65. Pentest Tools Android
  66. Hack Tools For Windows
  67. Free Pentest Tools For Windows
  68. Pentest Tools Download
  69. Pentest Tools Download
  70. Hacking Tools Usb
  71. Pentest Tools Github
  72. Hacker Tools Free Download
  73. Game Hacking
  74. Nsa Hack Tools
  75. Pentest Tools For Ubuntu
  76. Pentest Tools Find Subdomains
  77. Pentest Tools For Ubuntu
  78. Pentest Tools For Ubuntu
  79. Pentest Tools Bluekeep
  80. Growth Hacker Tools
  81. Hacker Techniques Tools And Incident Handling
  82. Hacker Tools Free Download
  83. Game Hacking
  84. Hacking Tools And Software
  85. Pentest Tools Download
  86. Bluetooth Hacking Tools Kali
  87. How To Make Hacking Tools
  88. Pentest Tools Tcp Port Scanner
  89. Hacking Apps
  90. Pentest Tools Download
  91. Bluetooth Hacking Tools Kali
  92. Wifi Hacker Tools For Windows
  93. Hacker Tools For Pc
  94. Blackhat Hacker Tools
  95. Nsa Hacker Tools
  96. Hacker Tools For Ios
  97. Hacker Tools Hardware
  98. Hacking Tools
  99. Pentest Tools Url Fuzzer
  100. What Is Hacking Tools
  101. Nsa Hacker Tools
  102. Hack Tools Download
  103. Pentest Tools Apk
  104. Hak5 Tools
  105. Hacking App
  106. What Is Hacking Tools
  107. Hacking Tools Hardware
  108. Hacking Tools Online
  109. Pentest Tools Windows
  110. Hacking Tools Windows 10
  111. Hacking Tools Windows 10
  112. Tools Used For Hacking
  113. Pentest Tools Kali Linux
  114. Nsa Hack Tools
at 1:10 PM

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)