The ROBOT is the newer version of an 18-year-old vulnerability. This vulnerability allowed RSA decryption and signing operations by using the private key of a TLS server. There are many servers that are vulnerable to the Return Of Bleichenbacher’s Oracle Threat (ROBOT) attack. Using ROBOT attack, an attacker can passively record the traffic of the server and he can then, later on, decrypt the sensitive pieces of information from the recorded traffic. Readily exploitable systems under ROBOT attack are termed as Strong Oracle while average secured systems are termed as Weak Oracle. Applications that use old RSA encryption for exchanging keys are vulnerable to this attack. Almost all famous web applications like PayPal, Facebook and many more were vulnerable to ROBOT attack.
The attacker can attack using the private key and can completely disable the system.
Beagle recommends the following fixes:-