ROBOT attack (Bleichenbacher RSA)

OWASP 2013-A9 OWASP 2017-A9 OWASP 2021-A6 PCI v3.2-6.5.4 OWASP PC-C1 CAPEC-217 CWE-203 ISO27001-A.14.1.3 WASC-04 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:P/RL:W/RC:C WSTG-CRYP-01

The ROBOT is the newer version of an 18-year-old vulnerability. This vulnerability allowed RSA decryption and signing operations by using the private key of a TLS server. There are many servers that are vulnerable to the Return Of Bleichenbacher’s Oracle Threat (ROBOT) attack. Using ROBOT attack, an attacker can passively record the traffic of the server and he can then, later on, decrypt the sensitive pieces of information from the recorded traffic. Readily exploitable systems under ROBOT attack are termed as Strong Oracle while average secured systems are termed as Weak Oracle. Applications that use old RSA encryption for exchanging keys are vulnerable to this attack. Almost all famous web applications like PayPal, Facebook and many more were vulnerable to ROBOT attack.


The attacker can attack using the private key and can completely disable the system.

Mitigation / Precaution

Beagle recommends the following fixes:-

  • Upgrade all of the vulnerable NetScaler appliances to a version of the appliance firmware.
  • Remove vulnerable applications on the SSL stack.
  • Disable all the TLS_RSA cipher suites on application’s SSL stack.

Related Articles