A vulnerability called ROBOT, first identified in 1998, has resurfaced. Impacted are leading websites ranging from Facebook to Paypal, which are vulnerable to attackers that could decrypt encrypted data and sign communications using the sites’ own private encryption key.
The vulnerability is found in the transport layer security protocol used for Web encryption. A successful attack could allow an attacker to passively record traffic and later decrypt it or open the door for a man-in-the-middle attack, according to researchers.
Read more…
Source: ThreatPost