sábado, 29 de agosto de 2020

TLS-Attacker V2.2 And The ROBOT Attack

We found out that many TLS implementations are still vulnerable to different variations of a 19-year old Bleichenbacher's attack. Since Hanno argued to have an attack name, we called it ROBOT: https://robotattack.org

Given the new attack variants, we released a new version of TLS-Attacker 2.2, which covers our vulnerabilities.

Bleichenbacher's attack from 1998

In 1998, Daniel Bleichenbacher discovered that the error messages given by SSL servers for errors in the PKCS #1 1.5 padding allow an adversary to execute an adaptive-chosen ciphertext attack. This attack also belongs to the category of padding oracle attacks. By performing the attack, the adversary exploits different responses returned by the server that decrypts the requests and validates the PKCS#1 1.5 padding. Given such a server, the attacker can use it as an oracle and decrypt ciphertexts.
We refer to one of our previous blog posts for more details.

OK, so what is new in our research?

In our research we performed scans of several well-known hosts and found out many of them are vulnerable to different forms of the attack. In the original paper, an oracle was constructed from a server that responded with different TLS alert messages. In 2014, further side-channels like timings were exploited. However, all the previous studies have considered mostly open source implementations. Only a few vulnerabilities have been found.

In our scans we could identify more than seven vulnerable products and open source software implementations, including F5, Radware, Cisco, Erlang, Bouncy Castle, or WolfSSL. We identified new side-channels triggered by incomplete protocol flows or TCP socket states.

For example, some F5 products would respond to a malformed ciphertext located in the ClientKeyExchange message with a TLS alert 40 (handshake failure) but allow connections to timeout if the decryption was successful. We could observe this behaviour only when sending incomplete TLS handshakes missing ChangeCipherSpec and Finished messages.
See our paper for more interesting results.

Release of TLS-Attacker 2.2

These new findings motivated us to implement the complete detection of Bleichenbacher attacks in our TLS-Attacker. Before our research, TLS-Attacker had implemented a basic Bleichenbacher attack evaluation with full TLS protocol flows. We extended this evaluation with shortened protocol flows with missing ChangeCipherSpec and Finished messages, and implemented an oracle detection based on TCP timeouts and duplicated TLS alerts. In addition, Robert (@ic0ns) added many fixes and merged features like replay attacks on 0-RTT in TLS 1.3.
You can find the newest version release here: https://github.com/RUB-NDS/TLS-Attacker/releases/tag/v2.2

TLS-Attacker allows you to automatically send differently formatted PKCS#1 encrypted messages and observe the server behavior:
$ java -jar Attacks.jar bleichenbacher -connect [host]:[port]
In case the server responds with different error messages, it is most likely vulnerable. The following example provides an example of a vulnerable server detection output:
14:12:42 [main] CONSOLE attacks.impl.Attacker - A server is considered vulnerable to this attack if it responds differently to the test vectors.
14:12:42 [main] CONSOLE attacks.impl.Attacker - A server is considered secure if it always responds the same way.
14:12:49 [main] CONSOLE attacks.impl.Attacker - Found a difference in responses in the Complete TLS protocol flow with CCS and Finished messages.
14:12:49 [main] CONSOLE attacks.impl.Attacker - The server seems to respond with different record contents.
14:12:49 [main] INFO  attacks.Main - Vulnerable:true
In this case TLS-Attacker identified that sending different PKCS#1 messages results in different server responses (the record contents are different).
Related links

  1. Hack Tools For Pc
  2. Tools For Hacker
  3. Pentest Tools Online
  4. Pentest Tools Framework
  5. Hack Website Online Tool
  6. Hack Tools For Games
  7. Hacking Tools For Beginners
  8. Github Hacking Tools
  9. Computer Hacker
  10. Hacking Tools For Pc
  11. Hack App
  12. Hack And Tools
  13. Hacking Tools 2020
  14. Hacker Tools For Windows
  15. Beginner Hacker Tools
  16. Hacker Tools Hardware
  17. How To Make Hacking Tools
  18. How To Make Hacking Tools
  19. Hack App
  20. Hack And Tools
  21. Hacking Tools Mac
  22. Pentest Automation Tools
  23. Pentest Tools
  24. Hacker Tools Free Download
  25. Usb Pentest Tools
  26. Pentest Tools Port Scanner
  27. Pentest Box Tools Download
  28. Hack Tool Apk
  29. Hack Website Online Tool
  30. Hacks And Tools
  31. Hacker Tools For Mac
  32. Hacking Tools For Windows Free Download
  33. Hacker Tools Free Download
  34. Tools Used For Hacking
  35. Hack App
  36. Pentest Tools Free
  37. Github Hacking Tools
  38. Physical Pentest Tools
  39. Pentest Tools For Windows
  40. Black Hat Hacker Tools
  41. Hacking Tools For Windows 7
  42. Wifi Hacker Tools For Windows
  43. Best Hacking Tools 2019
  44. Hacking Tools Free Download
  45. Hacker Tools Online
  46. Best Pentesting Tools 2018
  47. Free Pentest Tools For Windows
  48. Pentest Tools Port Scanner
  49. Pentest Tools Online
  50. Pentest Recon Tools
  51. Pentest Reporting Tools
  52. Hak5 Tools
  53. Hacking Apps
  54. Hack Rom Tools
  55. Hacker Tools For Ios
  56. Pentest Tools Github
  57. Pentest Tools Find Subdomains
  58. Hacking Tools Software
  59. Pentest Tools Url Fuzzer
  60. Hacking Tools 2020
  61. Hacker Tools 2020
  62. Hack Tools 2019
  63. Pentest Box Tools Download
  64. Hacker Tools Mac
  65. Install Pentest Tools Ubuntu
  66. Hacker Tools 2019
  67. Hackers Toolbox
  68. Pentest Tools Free
  69. Hacker Security Tools
  70. Pentest Tools Find Subdomains
  71. Hacking Tools For Pc
  72. Pentest Tools For Mac
  73. Hacking Tools 2020
  74. Hacking Tools Hardware
  75. Hack Website Online Tool
  76. Hacking Tools Download
  77. Hacking Tools Github
  78. Github Hacking Tools
  79. Underground Hacker Sites
  80. Hacking App
  81. Hack Tool Apk No Root
  82. Hack App
  83. Pentest Recon Tools
  84. Hacker Security Tools
  85. Pentest Tools Free
  86. Android Hack Tools Github
  87. World No 1 Hacker Software
  88. Hack Website Online Tool
  89. Pentest Tools Linux
  90. Hack Tools For Pc
  91. Free Pentest Tools For Windows
  92. Hacker Tool Kit
  93. Hacking Tools For Windows
  94. Pentest Tools Windows
  95. Hacker Tools Linux
  96. Tools Used For Hacking
  97. Best Hacking Tools 2019
  98. Pentest Recon Tools
  99. Pentest Tools Subdomain
  100. Hacker Tools Mac
  101. Hacking Tools And Software
  102. Hacking Tools Windows 10
  103. Pentest Tools Windows
  104. Pentest Tools Bluekeep
  105. Pentest Tools Website Vulnerability
  106. Nsa Hack Tools
  107. Hacker Tools Windows
  108. Hacker Tools For Mac
  109. Hacking Tools For Pc
  110. Pentest Tools Website Vulnerability
  111. Pentest Tools Android
  112. Hacking Tools For Windows Free Download
  113. What Is Hacking Tools
  114. Hack Tools Mac
  115. Hacker Tools Apk
  116. Hack Tools Pc
  117. Hacking Tools Windows
  118. Nsa Hack Tools
  119. Tools Used For Hacking
  120. How To Install Pentest Tools In Ubuntu
  121. Hack Tools For Mac
  122. Physical Pentest Tools
  123. Pentest Tools List
  124. Hack Tools
  125. Hacking Tools For Kali Linux
  126. Hack Rom Tools
  127. Blackhat Hacker Tools
  128. Android Hack Tools Github
  129. Kik Hack Tools
  130. Termux Hacking Tools 2019
  131. Computer Hacker
  132. Game Hacking
  133. Hacker Tools Apk
  134. Pentest Tools Review
  135. Hacker Tools 2020
  136. Hack And Tools
  137. Hacker Tools Apk
  138. Underground Hacker Sites
  139. Easy Hack Tools
  140. Pentest Tools Nmap
  141. Hacker Tools Apk
  142. Hack Tools
  143. Pentest Tools Open Source
  144. Pentest Tools Port Scanner
  145. Hack Tools Mac
  146. Hacking Tools Online
  147. Hacking Tools For Games
  148. Hack Tools For Ubuntu
  149. Pentest Tools For Android
  150. Hacking Tools For Windows 7
  151. Pentest Tools Nmap
  152. Hacking Apps
  153. Underground Hacker Sites
  154. Hack Tools Online
  155. Hak5 Tools
  156. Pentest Tools Framework
  157. Hacking Tools For Windows Free Download
  158. Pentest Tools Windows
  159. Kik Hack Tools
  160. Pentest Tools Alternative
  161. Pentest Tools Review
  162. Kik Hack Tools
  163. Pentest Tools Bluekeep
  164. Hacker Tools 2019
  165. Blackhat Hacker Tools
  166. Hacker Tools Windows
  167. Pentest Automation Tools
  168. Best Hacking Tools 2019
  169. New Hack Tools
  170. Hacker Tools Online
  171. Hack Tools For Pc
  172. Pentest Tools Website
  173. Hack Tool Apk
  174. Hacking Tools Pc
Publicado por en

No hay comentarios:

Publicar un comentario

Suscribirse a: Enviar comentarios (Atom)