The Browser Exploit Against SSL/TLS (BEAST) is a vulnerability that exists in all cipher block chaining (CBC) ciphers in SSL v3/TLS 1.0 and lower versions. Ciphers are the cryptographic algorithms used to encrypt and decrypt a communication channel. The BEAST attack exploits the SSL/TLS protocol through weak points in cipher block chaining. It targets the Secure Socket Layer to retrieve information from the communication between the server and the browser, and it can also expose the user's authentication tokens. BEAST is an attack on the confidentiality of an HTTPS connection: it lets the attacker extract plaintext data from an encrypted channel.
The conditions for a successful BEAST attack are:-
- A vulnerable version of SSL that uses a block cipher technique.
- The attacker must be able to sniff the communication from the server.
- Applet or JavaScript injection through the same origin of the website must be possible.
Impact
Using this vulnerability, an attacker can:-
- perform an attack against CBC-based ciphers.
- execute a Man-In-The-Middle (MITM) attack to retrieve information from an encrypted SSL communication and obtain its authentication tokens.
Mitigation / Precaution
Beagle recommends the following fixes:-
- Prioritise the RC4 cipher suites rather than CBC.
- Update TLS/SSL to the latest version for utmost security.
- Ensure the SecureAuth IdP Appliance is fully patched with the latest Microsoft Windows Server updates.
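The following is an added example, not Beagle's own code: it audits scanner output for the protocol and cipher combinations this page describes and builds a server context that refuses them. The scan line format, host names and function names are assumptions, and the sample data is constructed.

```python
import ssl

# TLS_* names are IANA cipher-suite names; the protocol labels are an assumed scanner format.
BEAST_PROTOCOLS = {"SSLv3", "TLSv1", "TLSv1.0"}  # CBC on these versions is what BEAST targets

# Constructed sample of "host protocol suite" lines, one per accepted handshake.
SAMPLE_SCAN = """\
legacy.example.test TLSv1 TLS_RSA_WITH_AES_128_CBC_SHA
legacy.example.test TLSv1 TLS_RSA_WITH_RC4_128_SHA
legacy.example.test TLSv1.2 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
shop.example.test TLSv1.2 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
shop.example.test TLSv1.3 TLS_AES_128_GCM_SHA256
old.example.test SSLv3 TLS_RSA_WITH_3DES_EDE_CBC_SHA
"""

def classify(protocol, suite):
    """Return 'BEAST', 'RC4' or None for one accepted protocol/suite pair."""
    if protocol in BEAST_PROTOCOLS and "_CBC_" in suite:
        return "BEAST"   # block cipher in CBC mode on SSL 3.0 / TLS 1.0
    if "_RC4_" in suite:
        return "RC4"     # not CBC, so outside BEAST, but prohibited by RFC 7465
    return None          # e.g. CBC on TLS 1.2, or any AEAD suite

def audit(scan_text):
    """Map each host to the sorted findings for its accepted handshakes."""
    findings = {}
    for line in scan_text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue     # skip blank or malformed lines
        host, protocol, suite = parts
        label = classify(protocol, suite)
        findings.setdefault(host, set())
        if label:
            findings[host].add(label)
    return {host: sorted(labels) for host, labels in findings.items()}

def hardened_server_context():
    """Server context that refuses SSL 3.0, TLS 1.0 and TLS 1.1 handshakes."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx

if __name__ == "__main__":
    for host, labels in audit(SAMPLE_SCAN).items():
        print(host, labels or "ok")
```

A host with an empty findings list accepted no BEAST-exposed or RC4 handshake in the scan; RC4 is reported separately because moving to it avoids CBC but leaves a cipher that RFC 7465 prohibits.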