Robot Vulnerability (CVE-2017-6168) Remediation

Question

Hi, &nbsp;
Urgent Please !!&nbsp;
To mitigate the risk with ROBOT attack how to disable RSA key in clientSSl profile through GUI ? &nbsp;
https://support.f5.com/csp/article/K21905460&nbsp;

hamish · Answer

Include !RSA in the client ciphers... Same as the tmsh/command line.... &nbsp;
In v13 you configure that via either a client cipher group, or a cipher string.&nbsp;

ashua_246482 · Answer

I have disabled the RSA Key exchange in default clientssl profile And 90% of our clientssl profiles using that default one. But there are still some profiles which use custom ssl profiles and we dont know which one are they, as no inventory available. In total we have 500+ profiles. Do i have to go into each of them one by one and check or Is there a command i can use to find out which profiles are enabled for custom ciphers?

suzyw720_345395 · Answer

Hello &amp; just wondering,....Did including !RSA in the client ciphers resolve this issue for you?&nbsp;

ashu_2116 · Answer

Yes, It had resolved the issue. You can test the results at&nbsp;
https://robotattack.org&nbsp;

mohammed_jabbar · Answer

TLS ROBOT Vulnerability Detected this issue  belongs to application  or os &nbsp;

Forum Discussion

Robot Vulnerability (CVE-2017-6168) Remediation

5 Replies

Recent Discussions

import live updates from version x to version y

Tenant image upgrade

iRule editor partition button does not work

F5Access | MacOS Sonoma

Overwriting or adding LTM SSL Traffic cert and key using iControlREST

Related Content

Return of Bleichenbacher - the ROBOT Attack CVE-2017-6168

F5 Partner Solution Showcase - "ImmuniWeb - Application Security Testing and Remediation"

OWASP Automated Threats - OAT-014 Vulnerability Scanning

Reviewing vulnerability scanner results for an Access Policy Manager (APM) protected Virtual Server

Vulnerability CVE-2023-45648 in ApacheTomcat