Security Alerts - ROBOT Vulnerability (29 Jan 2018)
The AAF has received important security advice from the Shibboleth project, which we want to share with our subscribers. This advice is in relation to the security of the federation and the ROBOT vulnerability (https://robotattack.org) identified late last year.
TLS keys impacted by the ROBOT vulnerability could:
This issue is independent of the deployed Identity Provider or Service Provider version, as such there is no specific patch available to remedy this issue. Administrators need to assess their requirements and tune their environments in line with this advice.
Official security advisory
Thank you to the Shibboleth project and Internet2 for the research and advice which underpins this advisory.