The Bleichenbacher attack is back, now named "Return Of Bleichenbacher's Oracle Threat" (ROBOT). This 19-year-old vulnerability can allow an attacker to decrypt HTTPS traffic by exploiting some RSA encryption implementations.
Détails de la vulnérabilité
The Bleichenbacher attack is applicable to the TLS-RSA key exchange. This key exchange is used in all cipher suites having names starting with TLS_RSA (e.g. TLS_RSA_WITH_AES_128_CBC_SHA256).
The novelty of the ROBOT attack, compared to the original Bleichenbacher’s one, is that TLS implementations known to be vulnerable may return different TLS alerts and/or connection closures depending on the crafted padding, and this side-channel information can be used to improve the efficiency of the attack (less requests needed).
The DenyAll products are *not* vulnerable to this attack.