SecurityTracker.com
Category:   Device (Router/Bridge/Hub)  >   F5 BIG-IP
Vendors:   F5 Networks
F5 BIG-IP RSA TLS Implementation Lets Remote Users Decrypt Data Communicated By the Target System
SecurityTracker Alert ID:  1039839
SecurityTracker URL:  http://securitytracker.com/id/1039839
CVE Reference:   CVE-2017-6168
Updated:  Dec 12 2017
Original Entry Date:  Nov 17 2017
Impact:   Disclosure of system information, Disclosure of user information
Fix Available:  Yes
Vendor Confirmed:  Yes

Description:   A vulnerability was reported in F5 BIG-IP. A remote user can decrypt data communicated by the target system.

A remote user who has access to network traffic or who is able to conduct a man-in-the-middle attack can exploit the RSA implementation for TLS sessions and conduct an adaptive chosen-ciphertext attack (known as a Bleichenbacher attack) to decrypt and recover plaintext.

BIG-IP virtual servers configured with a Client SSL profile are affected.

The vendor has assigned ID 693211 to this vulnerability.

This attack method is known as the "ROBOT" attack.

The original advisory ("Return Of Bleichenbacher's Oracle Threat") is available at:

https://eprint.iacr.org/2017/1189

Hanno Böck, Juraj Somorovsky of Ruhr-Universität Bochum / Hackmanit GmbH, and Craig Young of Tripwire VERT reported this vulnerability.

Impact:   A remote user who has access to network traffic or who is able to conduct a man-in-the-middle attack can decrypt and recover plaintext.
Solution:   The vendor has issued a fix.

The vendor advisory is available at:

https://support.f5.com/csp/article/K21905460

Vendor URL:  support.f5.com/csp/article/K21905460
Cause:   Access control error

Message History:   None.

