
Sunday, August 23, 2020

TLS-Attacker V2.2 And The ROBOT Attack

We found out that many TLS implementations are still vulnerable to different variations of the 19-year-old Bleichenbacher attack. Since Hanno argued that the attack should have a name, we called it ROBOT: https://robotattack.org

Given the new attack variants, we released TLS-Attacker 2.2, a new version that covers the vulnerabilities we found.

Bleichenbacher's attack from 1998

In 1998, Daniel Bleichenbacher discovered that the error messages given by SSL servers for errors in the PKCS #1 v1.5 padding allow an adversary to execute an adaptive chosen-ciphertext attack. This attack also belongs to the category of padding oracle attacks. In the attack, the adversary exploits the different responses returned by a server that decrypts the requests and validates the PKCS #1 v1.5 padding. Given such a server, the attacker can use it as an oracle and decrypt ciphertexts.
We refer to one of our previous blog posts for more details.

OK, so what is new in our research?

In our research we performed scans of several well-known hosts and found that many of them are vulnerable to different forms of the attack. In the original paper, an oracle was constructed from a server that responded with different TLS alert messages. In 2014, further side channels such as timing were exploited. However, the previous studies considered mostly open source implementations, and only a few vulnerabilities were found.

In our scans we could identify more than seven vulnerable products and open source software implementations, including F5, Radware, Cisco, Erlang, Bouncy Castle, and WolfSSL. We identified new side channels triggered by incomplete protocol flows or TCP socket states.

For example, some F5 products would respond to a malformed ciphertext located in the ClientKeyExchange message with a TLS alert 40 (handshake failure) but allow connections to time out if the decryption was successful. We could observe this behaviour only when sending incomplete TLS handshakes missing the ChangeCipherSpec and Finished messages.
See our paper for more interesting results.

Release of TLS-Attacker 2.2

These new findings motivated us to implement the complete detection of Bleichenbacher attacks in our TLS-Attacker. Before our research, TLS-Attacker had implemented a basic Bleichenbacher attack evaluation with full TLS protocol flows. We extended this evaluation with shortened protocol flows with missing ChangeCipherSpec and Finished messages, and implemented an oracle detection based on TCP timeouts and duplicated TLS alerts. In addition, Robert (@ic0ns) added many fixes and merged features like replay attacks on 0-RTT in TLS 1.3.
You can find the newest version release here: https://github.com/RUB-NDS/TLS-Attacker/releases/tag/v2.2

TLS-Attacker allows you to automatically send differently formatted PKCS#1 encrypted messages and observe the server behavior:

    $ java -jar Attacks.jar bleichenbacher -connect [host]:[port]

If the server responds with different error messages, it is most likely vulnerable. The following is an example of the output for a vulnerable server:

    14:12:42 [main] CONSOLE attacks.impl.Attacker - A server is considered vulnerable to this attack if it responds differently to the test vectors.
    14:12:42 [main] CONSOLE attacks.impl.Attacker - A server is considered secure if it always responds the same way.
    14:12:49 [main] CONSOLE attacks.impl.Attacker - Found a difference in responses in the Complete TLS protocol flow with CCS and Finished messages.
    14:12:49 [main] CONSOLE attacks.impl.Attacker - The server seems to respond with different record contents.
    14:12:49 [main] INFO attacks.Main - Vulnerable:true

In this case TLS-Attacker identified that sending different PKCS#1 messages results in different server responses (the record contents are different).
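The decision rule quoted in the output above ("vulnerable if it responds differently to the test vectors") can be sketched as follows. This is an added example, not TLS-Attacker code: the `Response` type, the vector names, the verdict strings and the sample observations are constructed here, and treating a non-reproducible response as inconclusive is an assumption of this sketch.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Response:
    alerts: tuple        # TLS alert descriptions received, in order
    socket_state: str    # "closed", "reset" or "timeout"

def classify_flow(runs_by_vector):
    """runs_by_vector: {vector: [Response, ...]} from repeated probes of one flow.
    Returns (verdict, reason)."""
    stable = {}
    for vector, runs in runs_by_vector.items():
        if len(set(runs)) != 1:
            # Same input, different answers: network noise, not an oracle signal.
            return "inconclusive", f"{vector} is not reproducible"
        stable[vector] = runs[0]
    distinct = set(stable.values())
    if len(distinct) == 1:
        return "consistent", "all test vectors get the same response"
    if len({r.socket_state for r in distinct}) > 1:
        return "differs", "socket state differs between vectors"
    if len({len(r.alerts) for r in distinct}) > 1:
        return "differs", "number of alerts differs between vectors"
    return "differs", "alert content differs between vectors"

def scan_verdict(flows):
    """flows: {flow_name: runs_by_vector}. Vulnerable if any flow differs."""
    results = {name: classify_flow(runs) for name, runs in flows.items()}
    vulnerable = any(verdict == "differs" for verdict, _ in results.values())
    return vulnerable, results

# Constructed observations modelled on the F5 behaviour described above:
# the difference only shows up in the flow without CCS and Finished.
ALERT_40 = Response(alerts=(40,), socket_state="closed")
HANG = Response(alerts=(), socket_state="timeout")
VECTORS = ["correct_padding", "wrong_first_byte",
           "wrong_block_type", "no_zero_delimiter"]   # hypothetical names

SAMPLE = {
    "full_flow": {v: [ALERT_40, ALERT_40] for v in VECTORS},
    "shortened_flow": {
        v: [HANG, HANG] if v == "correct_padding" else [ALERT_40, ALERT_40]
        for v in VECTORS
    },
}

if __name__ == "__main__":
    vulnerable, results = scan_verdict(SAMPLE)
    for flow, (verdict, reason) in results.items():
        print(f"{flow}: {verdict} ({reason})")
    print("Vulnerable:", vulnerable)
```

A scan that only evaluates the full flow would report this sample server as consistent, which is why the shortened flow is checked separately.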