KB Article #179501

About ROBOT Vulnerability in Transfer CFT

Problem

IT Security team reported the version of Transfer CFT as vulnerable


Vulnerability: Return Of Bleichenbacher's Oracle Threat (ROBOT) Information Disclosure



Description:
The remote host is affected by an information disclosure vulnerability. The SSL/TLS service supports RSA key exchanges, and incorrectly leaks whether or not the RSA key exchange sent by a client was correctly formatted. This information can allow an attacker to decrypt previous SSL/TLS sessions or impersonate the server.



Note that this plugin does not attempt to recover an RSA ciphertext, however it sends a number of correct and malformed RSA ciphertexts as part of an SSL handshake and observes how the server responds.



This plugin attempts to discover the vulnerability in multiple ways, by not completing the handshake and by completing it incorrectly, as well as using a variety of cipher suites. Only the first method that finds the service to be vulnerable is reported.



Plug in Output:
The test sent a crafted RSA ciphertext and then sent a TLS Finished message with incorrect padding.
The following differences in behaviour were seen by Nessus :
- As a baseline with correct formatting : server sent TLS alert 40, server sent TCP RST
- With incorrect leading bytes : server sent TLS alert 51, server sent TCP RST
- With the 0x00 byte in incorrect place : server sent TLS alert 40, server sent TCP RST
- With the 0x00 byte missing : server sent TLS alert 51, server sent TCP RST
- With an incorrect version number : server sent TLS alert 40, server sent TCP RST



Resolution


CFT 3.0.1 is using OpenSSL for SSL transfers.

According to the following links, OpenSSL is not vulnerable:
[1]https://www.kb.cert.org/vuls/id/144389
[2]https://robotattack.org/
[3]https://mta.openssl.org/pipermail/openssl-dev/2017...]


We have launched the test [4]https://testssl.sh/bleichenbacher/ on OpenSSL 1.0.2k delivered since version 3.2. It is not vulnerable.

The official response concerning Axway products for ROBOT is here: [5]https://axway.jiveon.com/docs/DOC-110917?et=watche...

Nevertheless the version 3.0.1 includes a very old version of OpenSSL (0.9.8) that contains other vulnerability issues.


You can't upgrade OpenSSL without upgrading CFT.

We highly recommand to use a more recent version of CFT (3.3.2)


NB: The test [6]https://testssl.sh/bleichenbacher/ doesn't work on OpenSSL 0.9.8, this version is too old.
----------------------------------------------------------------------------------------
[1] https://www.kb.cert.org/vuls/id/144389
[2] https://robotattack.org/
[3] https://mta.openssl.org/pipermail/openssl-dev/2017...
[4] https://testssl.sh/bleichenbacher/
[5] https://axway.jiveon.com/docs/DOC-110917?et=watche...
[6] https://testssl.sh/bleichenbacher/

Still need help?

If this information wasn't helpful to you, just drop us a line. We'll get back to you as soon as possible.