Vulnerability from 1998 again in the ranks - meet ROBOT

A recent scan of the sites from the top 100 in traffic revealed that 27 of them, including Facebook and PayPal, contained a vulnerability very similar to SSL discovered in 1998 by researcher Daniel Bleichenbacher . An error in the RSA control key algorithm allowed decrypting data using certain requests without having an encryption key. The vulnerability in the algorithm is not fixed, but implemented some workarounds that closed the vulnerability.

After 19 years, researchers again used a similar attack and found that about 2.8% of the first million sites are vulnerable. Software products from many manufacturers and some open source projects also turned out to be vulnerable. For a list, see this article: VERT Threat Alert: Return of Bleichenbacher's Oracle Threat (ROBOT) .
A new vulnerability was named ROBOT - short for Return Of Bleichenbacher's Oracle Threat.

Due to the complexity of the use (the attacker needs to make thousands of connections to the vulnerable site), the vulnerability is less dangerous than the famous Heartbleed, but still requires immediate attention. It is recommended to check your sites using the ROBOT Check tool and update the software. And in the long term, stop using RSA keys and start using Elliptic-Curve Diffie-Hellman schemes.

Based on the article: 1998 attack that secret keys crypto keys is back in a big way