https://live.paloaltonetworks.com/t5/advanced-threat-prevention/rsa-tls-crypto-attack-robot-short-for-quot-return-of/m-p/192227#M134 <P>Hi Curtis,</P><P>&nbsp;</P><P>Many thanks for your feedback and for having contacted the support!</P><P>&nbsp;</P><P>That clarifies the situation <span class="lia-unicode-emoji" title=":slightly_smiling_face:">🙂</span></P><P>Good to see that Palo is working on a fix.</P><P>&nbsp;</P><P>You right I agree and appreciate as well their honesty.</P><P>&nbsp;</P><P>Thanks again and see you on the community threads.</P><P>&nbsp;</P><P>&nbsp;</P> Tue, 19 Dec 2017 09:16:11 GMT FRVSA 2017-12-19T09:16:11Z https://live.paloaltonetworks.com/t5/advanced-threat-prevention/rsa-tls-crypto-attack-robot-short-for-quot-return-of/m-p/191931#M128 <P>Recent article talks about a newly discovered (but old) vulnerability:&nbsp;</P><P>&nbsp; &nbsp; &nbsp;<A href="https://arstechnica.com/information-technology/2017/12/a-worrying-number-of-sites-remain-open-to-major-crypto-flaw-from-1998/?comments=1&amp;start=40&nbsp;" target="_blank">https://arstechnica.com/information-technology/2017/12/a-worrying-number-of-sites-remain-open-to-major-crypto-flaw-from-1998/?comments=1&amp;start=40&nbsp;</A></P><P>&nbsp;</P><P>You can test your links here if you are vulnerable:&nbsp;</P><P>&nbsp; &nbsp; &nbsp;<A href="https://robotattack.org&nbsp;" target="_blank">https://robotattack.org&nbsp;</A></P><P><BR />With TLSv1.2, all my Palo Alto GlobalProtect interfaces check as vunerable.<BR />Has anyone heard of this and is there a configuration that lessen the vulnerability?</P><P><BR />Thank you.</P> Fri, 15 Dec 2017 23:52:59 GMT https://live.paloaltonetworks.com/t5/advanced-threat-prevention/rsa-tls-crypto-attack-robot-short-for-quot-return-of/m-p/191931#M128 Margit_Curtis 2017-12-15T23:52:59Z https://live.paloaltonetworks.com/t5/advanced-threat-prevention/rsa-tls-crypto-attack-robot-short-for-quot-return-of/m-p/192091#M129 <P>Hi,</P><P>&nbsp;</P><P>Same issue there. All our GlobalProtect portals seems to be&nbsp;vulnerable even with the latest PANOS revision.</P><P>I've noticed that It only&nbsp;affects&nbsp;GlobalProtect portals bound with&nbsp;SSL&nbsp;certificates which do use the RSA algorithm.</P><P>&nbsp;</P><P>The US-Cert has recently published an advisory: <A href="http://www.kb.cert.org/vuls/id/144389" target="_blank">http://www.kb.cert.org/vuls/id/144389</A></P><P>&nbsp;</P><P>Any advice would be appreciated.</P><P>&nbsp;</P><P>Many thanks.</P> Mon, 18 Dec 2017 16:08:45 GMT https://live.paloaltonetworks.com/t5/advanced-threat-prevention/rsa-tls-crypto-attack-robot-short-for-quot-return-of/m-p/192091#M129 FRVSA 2017-12-18T16:08:45Z https://live.paloaltonetworks.com/t5/advanced-threat-prevention/rsa-tls-crypto-attack-robot-short-for-quot-return-of/m-p/192129#M130 <P>Hi, thanks for that link to the US-Cert alert. I was thinking that maybe the SSL certificate is the issue, but we have the same type of certificate on our Juniper\Pulse VLN interface, and that doesn't report vulnerable.</P><P><BR />I think most of us use the RSA type of certificate, as not all vendor issue ECC/ECDSA certificates, and maybe some issue with older browsers not supporting it. I like this site on it:&nbsp;<A href="https://wiki.mozilla.org/Security/Server_Side_TLS&nbsp;" target="_blank">https://wiki.mozilla.org/Security/Server_Side_TLS&nbsp;</A></P> Mon, 18 Dec 2017 20:24:54 GMT https://live.paloaltonetworks.com/t5/advanced-threat-prevention/rsa-tls-crypto-attack-robot-short-for-quot-return-of/m-p/192129#M130 Margit_Curtis 2017-12-18T20:24:54Z https://live.paloaltonetworks.com/t5/advanced-threat-prevention/rsa-tls-crypto-attack-robot-short-for-quot-return-of/m-p/192150#M131 <P>Hi FRVSA,<BR /><BR />I've just got a confirmation from PA tech support:<BR />"The PAN-OS is vulnerable and they are currently working towards a fix which prevents the attacker to exploit this vulnerability.<BR />Currently they do not have a release timeline and this is currently marked as the highest priority possible. They are also working on determining if this will be a hot patch or released in an OS update."<BR /><BR />I do appreciate the honesty from PA tech support, and I hope the fix is out soon.<BR /><BR /></P> Mon, 18 Dec 2017 22:31:21 GMT https://live.paloaltonetworks.com/t5/advanced-threat-prevention/rsa-tls-crypto-attack-robot-short-for-quot-return-of/m-p/192150#M131 Margit_Curtis 2017-12-18T22:31:21Z https://live.paloaltonetworks.com/t5/advanced-threat-prevention/rsa-tls-crypto-attack-robot-short-for-quot-return-of/m-p/192227#M134 <P>Hi Curtis,</P><P>&nbsp;</P><P>Many thanks for your feedback and for having contacted the support!</P><P>&nbsp;</P><P>That clarifies the situation <span class="lia-unicode-emoji" title=":slightly_smiling_face:">🙂</span></P><P>Good to see that Palo is working on a fix.</P><P>&nbsp;</P><P>You right I agree and appreciate as well their honesty.</P><P>&nbsp;</P><P>Thanks again and see you on the community threads.</P><P>&nbsp;</P><P>&nbsp;</P> Tue, 19 Dec 2017 09:16:11 GMT https://live.paloaltonetworks.com/t5/advanced-threat-prevention/rsa-tls-crypto-attack-robot-short-for-quot-return-of/m-p/192227#M134 FRVSA 2017-12-19T09:16:11Z https://live.paloaltonetworks.com/t5/advanced-threat-prevention/rsa-tls-crypto-attack-robot-short-for-quot-return-of/m-p/193436#M139 <P>Please note that we have posted the following advisory regarding ROBOT.</P> <P>&nbsp;</P> <P><A href="https://live.paloaltonetworks.com/t5/Threat-Vulnerability-Articles/PAN-OS-exposure-to-ROBOT-attack/ta-p/192397" target="_blank">https://live.paloaltonetworks.com/t5/Threat-Vulnerability-Articles/PAN-OS-exposure-to-ROBOT-attack/ta-p/192397</A></P> Fri, 29 Dec 2017 20:05:13 GMT https://live.paloaltonetworks.com/t5/advanced-threat-prevention/rsa-tls-crypto-attack-robot-short-for-quot-return-of/m-p/193436#M139 bvandivier 2017-12-29T20:05:13Z https://live.paloaltonetworks.com/t5/advanced-threat-prevention/rsa-tls-crypto-attack-robot-short-for-quot-return-of/m-p/193545#M140 <P>Hi Curtis - any idea if this fix will resolve findings on Global Protect portals using an RSA cert? Seems this mitigation / workaround statement only reflects fixes on the SSL Decryption Profiles.</P><P>&nbsp;</P><P><A href="https://securityadvisories.paloaltonetworks.com/Home/Detail/117" target="_blank">https://securityadvisories.paloaltonetworks.com/Home/Detail/117</A></P><P>&nbsp;</P> Tue, 02 Jan 2018 20:54:52 GMT https://live.paloaltonetworks.com/t5/advanced-threat-prevention/rsa-tls-crypto-attack-robot-short-for-quot-return-of/m-p/193545#M140 scottyfresh 2018-01-02T20:54:52Z https://live.paloaltonetworks.com/t5/advanced-threat-prevention/rsa-tls-crypto-attack-robot-short-for-quot-return-of/m-p/193549#M141 <P>Hi Scotty,</P><P>The 757 contect update is giving some extra protection, but doesn't solve the problem.<BR />I've done the update and our GP site still tests vulnerable.&nbsp;<BR />Their jugestion of switching to DHA type certificate is not an option for me at this time.<BR /><BR /></P><P>It seems to me that they are coming out with an actual fix, with 8.0.7:&nbsp;</P><P><A href="https://www.paloaltonetworks.com/documentation/80/pan-os/pan-os-release-notes/pan-os-8-0-7-addressed-issues#_49938&nbsp;" target="_blank">https://www.paloaltonetworks.com/documentation/80/pan-os/pan-os-release-notes/pan-os-8-0-7-addressed-issues#_49938&nbsp;</A></P><P>&nbsp;</P><P>PAN-89936<BR />A security-related fix was made to prevent the decryption of captured sessions through the ROBOT attack (CVE-2017-17841).</P><P>&nbsp;</P><P>But I haven't tested it yet.</P><P>&nbsp;</P><P>Margit</P> Wed, 03 Jan 2018 00:19:54 GMT https://live.paloaltonetworks.com/t5/advanced-threat-prevention/rsa-tls-crypto-attack-robot-short-for-quot-return-of/m-p/193549#M141 Margit_Curtis 2018-01-03T00:19:54Z https://live.paloaltonetworks.com/t5/advanced-threat-prevention/rsa-tls-crypto-attack-robot-short-for-quot-return-of/m-p/194304#M152 <P>Hi Margit,</P><P>&nbsp;</P><P>Same thing here - 757 has the signature and can be applied to a vulnerability protection profile, but external facing portals will still show the finding. We're running PanOS 7.1.11 and PanOS 8.0.7 is not an option for us at this time.&nbsp;</P><P>&nbsp;</P><P>They did update the mitigation notes to reflect issues with PanOS 7.1, but it's not clear.</P><P>&nbsp;</P><P>Scott</P> Mon, 08 Jan 2018 18:14:18 GMT https://live.paloaltonetworks.com/t5/advanced-threat-prevention/rsa-tls-crypto-attack-robot-short-for-quot-return-of/m-p/194304#M152 scottyfresh 2018-01-08T18:14:18Z https://live.paloaltonetworks.com/t5/advanced-threat-prevention/rsa-tls-crypto-attack-robot-short-for-quot-return-of/m-p/195888#M166 <P>Hi Everyone,</P><P>&nbsp;</P><P>PANOS- 7.1.15 is out and the release note includes the following entrie:</P><P>&nbsp;</P><P>PAN-89936: A security‐related fix was made to prevent the decryption of captured sessions through the ROBOT attack (CVE‐2017‐17841).</P><P>&nbsp;</P><P>I assume it solves the vulnerability exposition but not tested yet.</P><P>&nbsp;</P><P>Cheers.</P> Fri, 19 Jan 2018 10:54:56 GMT https://live.paloaltonetworks.com/t5/advanced-threat-prevention/rsa-tls-crypto-attack-robot-short-for-quot-return-of/m-p/195888#M166 FRVSA 2018-01-19T10:54:56Z