Robot Vulnerability detected on Azure App Service

Sukesh Jakharia 0 Reputation points
2024-07-17T18:28:19.7666667+00:00

We are using Azure App Service, have done a VAPT assessment, and found the ROBOT vulnerability on port 455

https://xyz.azurewebsites.net:455 (masked url)

We have detected the ROBOT vulnerability and need this addressed ASAP.


ROBOT is the return of a 19-year-old vulnerability that allows performing RSA decryption and signing operations with the private key of a TLS server. An attacker could exploit this vulnerability by sending crafted TLS messages to the device, which would act as an oracle and allow the attacker to carry out a chosen-ciphertext attack. ROBOT allows an attacker to obtain the RSA key necessary to decrypt TLS traffic under certain conditions. To detect this the vulnerable ciphers should be disabled.

We are using the TLS cipher below:

TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384

Please confirm how we can fix this vulnerability.

Thanks


1 answer

  1. Dillon Silzer 57,431 Reputation points
    2024-07-17T19:10:58.0266667+00:00

    Hi Sukesh,

    For starters:

    1. Go to the Azure portal.
    2. Navigate to your App Service.
    3. Select "TLS/SSL settings" from the left-hand menu.
    4. Set the minimum TLS version to TLS 1.2 or higher.

    Azure App Service doesn't offer a direct way to disable specific cipher suites. However, you can ensure your application uses only secure ciphers by configuring it to support strong ones.


    If this is helpful please accept as answer or upvote.

    Best regards,

    Dillon Silzer, Director | Cloudaen.com | Cloudaen Computing Solutions

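As an added example (not from the question or the answer above), a defender's check in Python. ROBOT is a Bleichenbacher-style oracle against RSA PKCS#1 v1.5 key transport, so the vulnerable code path is only reachable when the server accepts static-RSA key-exchange suites (IANA names TLS_RSA_*); the TLS_ECDHE_ECDSA suite the question lists does not use RSA key transport. The script classifies scanner-reported suite names and, optionally, probes a host while offering only RSA key-exchange suites. The suite list is constructed, and the host and port are the page's masked placeholder values.

```python
import socket
import ssl
from typing import List, Optional

# Constructed sample: suite names as a VAPT scanner might report them for an endpoint.
SCANNER_OUTPUT = [
    "TLS_AES_256_GCM_SHA384",                   # TLS 1.3, ephemeral key exchange only
    "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",  # the suite named in the question
    "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",    # RSA used for signing, not key transport
    "TLS_RSA_WITH_AES_128_GCM_SHA256",          # static RSA key exchange: ROBOT-relevant
    "TLS_RSA_WITH_3DES_EDE_CBC_SHA",            # static RSA key exchange: ROBOT-relevant
]


def uses_rsa_key_exchange(suite: str) -> bool:
    """True if an IANA suite name uses RSA key transport (premaster secret encrypted
    with the server key under PKCS#1 v1.5), the only code path a ROBOT oracle can hit.
    TLS_ECDHE_RSA_* and TLS_DHE_RSA_* use RSA for signatures only and return False."""
    return suite.upper().startswith("TLS_RSA_")


def robot_relevant(suites: List[str]) -> List[str]:
    """Filter a scanner's suite list down to the ones that must be disabled for ROBOT."""
    return [s for s in suites if uses_rsa_key_exchange(s)]


def probe_rsa_kx(host: str, port: int = 443, timeout: float = 5.0) -> Optional[str]:
    """Live check: offer the server only RSA key-exchange suites (OpenSSL alias kRSA,
    TLS <= 1.2 because TLS 1.3 has no RSA key exchange). Returns the negotiated suite
    name if the server accepts one, or None if the handshake is refused."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE  # certificate validity is not what is being tested
    ctx.maximum_version = ssl.TLSVersion.TLSv1_2
    ctx.set_ciphers("kRSA")
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=host) as tls:
                return tls.cipher()[0]  # e.g. "AES128-GCM-SHA256" in OpenSSL naming
    except ssl.SSLError:
        return None


if __name__ == "__main__":
    print("ROBOT-relevant suites in scanner output:", robot_relevant(SCANNER_OUTPUT))
    # Placeholder host/port from the masked URL in the question; replace with the endpoint under review.
    print("Static-RSA suite accepted:", probe_rsa_kx("xyz.azurewebsites.net", 455))
```

A None from probe_rsa_kx means the endpoint refused every static-RSA suite, which is the state the VAPT finding asks for; if a suite name comes back, that is the suite to get disabled on the platform.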
