Bleichenbacher

Daniel Bleichenbacher is a Swiss cryptographer working at Google. In 1998, Daniel discovered that secure server error messages in PKCS padding allowed an adaptive-chosen ciphertext attack. Bleichenbacher proposed to upgrade the encryption scheme but workarounds to the error message were used instead.

In 2017 a team of researchers modified the original attack and defeated the workarounds. The modified attack on TLS cipher modes using RSA encryption is known as ROBOT (Return of Bleichenbacher’s Oracle Attack). Every protocol that uses RSA PKCS #1 v1.5 encryption is vulnerable.

Fortunately most modern TLS connections use ECDHE and RSA for signatures. However it is still recommended that RSA encryption modes are disabled, especially because they lack forward secrecy.