Browser Exploit Against SSL/TLS

The Browser Exploit Against SSL/TLS (BEAST) is a vulnerability that exists in all cipher block chaining (CBC) ciphers in SSL V3/TLS 1.0 and it’s lower versions. Ciphers are cryptographic algorithms used for performing encryption/decryption of communication channel. The BEAST attack targets the weak points in cipher block chaining to exploit the SSL/TLS protocol. This vulnerability targets the Secure Socket Layer to retrieve information from the communication between the server and the browser. This vulnerability can also access the authentication tokens of the user. The BEAST attack targets the confidentiality feature of HTTPS connection. This attack helps the attacker to extract unencrypted plaintext data from an encrypted channel.

The conditions for a successful beast attack are:-

  • A vulnerable version of SSL that uses a block cipher technique.
  • The attacker must be able to sniff the communication from the server.
  • Applet or javascript injection through the same origin of the website must be possible

Impact

Using this vulnerability, an attacker can:-

  • perform an attack against CBC based ciphers
  • execute a Man-In-The-Middle (MITM) attack to retrieve information from an encrypted SSL communication and will also be able to obtain its authentication tokens.

Mitigation / Precaution

Beagle recommends the following fixes:-

  • Prioritise the RC4 cipher suites rather than CB.
  • Update TLS/SSL to the latest version for utmost security.
  • Ensure the SecureAuth IdP Appliance is fully patched with the latest Microsoft Windows Server updates.

Related Articles