Dalia Abraham
The AAF has received important security advice from the Shibboleth project, which we want to share with our subscribers. This advice is in relation to the security of the federation and the ROBOT vulnerability (https://robotattack.org) identified late last year.
TLS keys impacted by the ROBOT vulnerability could:
This issue is independent of the deployed Identity Provider or Service Provider version; as such, there is no specific patch available to remedy it. Administrators need to assess their requirements and tune their environments in line with this advice.
Recommendations
Official security advisory
http://shibboleth.net/community/advisories/secadv_20180123.txt
Credits
Thank you to the Shibboleth project and Internet2 for the research and advice which underpins this advisory.