Cryptography Groundhog Day — The Bleichenbacher Attack


In Groundhog Day, the same day repeats over and over, and nothing actually changes. With the Bleichenbacher attack, we have a vulnerability that just won’t go away, and our systems are just as exposed as they were two decades ago. Luckily, if we drop support for TLS 1.2 and below, it will go away. But, before then, we are still exposed to a serious attack on a wide range of systems … in fact, any system that still supports PKCS#1 v1.5.

The Bleichenbacher attack [1] has been known about for over 24 years and has been at the core of many attacks on TLS/SSL and VPN networks:

In 2017, it transformed into ROBOT (Return Of Bleichenbacher’s Oracle Threat, https://robotattack.org/). There have also been attacks against VPNs, including a paper published in USENIX (15–17 August 2018) involving researchers from Ruhr-University Bochum and the University of Opole [paper]:

An attack defined as the Bleichenbacher Oracle Attack [2] operates by sending errors to the VPN server, and where…


Prof Bill Buchanan OBE FRSE
ASecuritySite: When Bob Met Alice