Number: AL17-014
Date: 13 December 2017
Purpose
The purpose of this alert is to bring attention to a recently disclosed Transport Layer Security (TLS) vulnerability.
Assessment
CCIRC has become aware of a Transport Layer Security (TLS) vulnerability, also known as Return of Bleichenbacher's Oracle Threat (ROBOT). ROBOT allows an attacker to obtain the RSA key necessary to decrypt TLS traffic under certain conditions.
Suggested Action
Due to the potential risk presented by this vulnerability, CCIRC recommends that system administrators monitor for a vendor released security fix, refer to your product's documentation or contact the vendor's customer service for more information.
References: