We’ll show how we found one of the oldest TLS vulnerabilities in products of 10 different vendors and how we practically exploited it on famous sites. We’ll also discuss how the countermeasures introduced back in TLS 1.0 and expanded over the years failed to prevent this and why RSA PKCS #1 v1.5 encryption should be deprecated.

By Craig Young + Hanno Bock

Full abstract and materials: https://www.blackhat.com/us-18/briefings/schedule/#return-of-bleichenbachers-oracle-threat-robot-10762

Posted by Charlie