Ascertia products unaffected by the ROBOT attack

Posted by Mike Hathaway on Jan 2, 2018 1:58:47 PM

Recently a vulnerability in the implementation of TLS protocol has been found called ROBOT (Return Of Bleichenbacher's Oracle Threat).

This is the return of a 19-year-old vulnerability that allows RSA decryption and signing operations with the private key of a TLS server.

Ascertia Products are not affected by the ROBOT Attack

What is the ROBOT vulnerability?

Back in 1998, Daniel Bleichenbacher found that the error messages given by SSL servers for errors in the PKCS #1 v1.5 padding in cipher suites using RSA key exchange allowed adaptive-chosen ciphertext attacks.

This vulnerability allowed hackers to decrypt encrypted data using the TLS server’s RSA public key as well as the ability to generate a signature using the TLS servers. Research has revealed that by using some slight variations this vulnerability can still be used against many HTTPS hosts in today's Internet.

Security is Ascertia's top priority

As a responsible vendor in the PKI and digital signature space we understand the importance of keeping our clients and partners informed about our products and services.

Although this issue has caused significant waves in security circles, our products were found to be unaffected by this vulnerability. This includes our multi-function e-Trust Services product ADSS Server and SigningHub. Consequently, there has been no downtime or patching required by our clients and Trust Service Provider (TSP) partners.