BSA-2018-514
21676
16 March 2018
08 January 2018
Closed
Medium
N/A
Yes
CVE-2017-6168, CVE-2017-17382, CVE-2017-17427, CVE-2017-17428, CVE-2017-12373, CVE-2017-13098, CVE-2017-1000385, CVE-2017-13099, CVE-2017-17841, CVE-2018-1388, CVE-2016-6883, CVE-2012-5081
Summary
Security Advisory ID : BSA-2018-514
Component : TLS Implementations
Revision : 1.1: Final
TLS implementations may disclose side channel information via discrepancies between valid and invalid PKCS#1 padding, and may therefore be vulnerable to Bleichenbacher-style attacks. An attacker could iteratively query a server running a vulnerable TLS stack implementation to perform cryptanalytic operations that may allow decryption of previously captured TLS sessions. Thisattack is known as a "ROBOT attack”.More information about the research is available from the researcher's website.
Affected Products
There are no supported Brocade Fibre Channel Products from Broadcom currently known to be affected by this TLS attack.
Product Confirmed Non Vulnerable
Brocade Fabric OS and Brocade Network Advisor are confirmed not vulnerable.
Workaround
Affected users and system administrators are encouraged to disable TLS RSA cyphers if possible.
Revision History
| Version | Change | Date |
|---|---|---|
| 1.0 | Initial Publication | January 08, 2018 |
| 1.1 | Updated with additional CVEs | March 16, 2018 |