CERT mailing list archives

Previous By Date Next
Previous By Thread Next

Transport Layer Security (TLS) Vulnerability

From: "US-CERT" <US-CERT () ncas us-cert gov>
Date: Wed, 13 Dec 2017 10:20:54 -0600
U.S. Department of Homeland Security US-CERT

National Cyber Awareness System:



Transport Layer Security (TLS) Vulnerability [ 
https://www.us-cert.gov/ncas/current-activity/2017/12/13/Transport-Layer-Security-TLS-Vulnerability ] 12/13/2017 10:46 
AM EST 
Original release date: December 13, 2017

CERT Coordination Center (CERT/CC) has released information on a Transport Layer Security (TLS) vulnerability. 
Exploitation of this vulnerability could allow an attacker to access sensitive information.

The TLS vulnerability is also known as Return of Bleichenbacher's Oracle Threat (ROBOT). ROBOT allows an attacker to 
obtain the RSA key necessary to decrypt TLS traffic under certain conditions. Mitigations include installing updates to 
affected products as they become available. US-CERT encourages users and administrators to review CERT/CC Vulnerability 
Note VU #144389 [ http://www.kb.cert.org/vuls/id/144389 ].





________________________________________________________________________

This product is provided subject to this Notification [ http://www.us-cert.gov/privacy/notification ] and this Privacy 
& Use [ http://www.us-cert.gov/privacy/ ] policy.

________________________________________________________________________

A copy of this publication is available at www.us-cert.gov [ https://www.us-cert.gov ]. If you need help or have 
questions, please send an email to info () us-cert gov. Do not reply to this message since this email was sent from a 
notification-only address that is not monitored. To ensure you receive future US-CERT products, please add US-CERT () 
ncas us-cert gov to your address book. 

OTHER RESOURCES: Contact Us [ http://www.us-cert.gov/contact-us/ ] | Security Publications [ 
http://www.us-cert.gov/security-publications ] | Alerts and Tips [ http://www.us-cert.gov/ncas ] | Related Resources [ 
http://www.us-cert.gov/related-resources ]  

STAY CONNECTED: Sign up for email updates [ http://public.govdelivery.com/accounts/USDHSUSCERT/subscriber/new ]
Previous By Date Next
Previous By Thread Next

Current thread: