Ascertia Products are not affected by the ROBOT Attack

Posted by Wahaj Khan on Jan 2, 2018 1:58:47 PM

Recently a vulnerability in the implementation of TLS protocol has been found called ROBOT (Return Of Bleichenbacher's Oracle Threat). This is the return of a 19-year-old vulnerability that allows RSA decryption and signing operations with the private key of a TLS server.

Ascertia Products are not affected by the ROBOT Attack

Back in 1998, Daniel Bleichenbacher found that the error messages given by SSL servers for errors in the PKCS #1 v1.5 padding in cipher suites using RSA key exchange allowed adaptive-chosen ciphertext attacks. This vulnerability allowed hackers to decrypt encrypted data using the TLS server’s RSA public key as well as the ability to generate a signature using the TLS servers. Research has revealed that by using some slight variations this vulnerability can still be used against many HTTPS hosts in today's Internet.

As a responsible vendor in the PKI and digital signature space we understand the importance of keeping our clients and partners informed about our products and services. Although this issue has caused significant waves in security circles, our products were found to be unaffected by this vulnerability. This includes our multi-function e-Trust Services product ADSS Server and SigningHub. Consequently there has been no downtime or patching required by our clients and Trust Service Provider (TSP) partners.

Topics: robot attack, tls protocol, ssl vulnerability, tls server, ssl security, digital signature service provider

Recent Posts

Posts by Topic

see all

Download this essential eBook

Choosing the right type of e-signature
for your business

Download your eBook