The RC4 algorithm In Transport Layer Security and Secure Sockets Layer

Sooraj V Nair
Published on
19 Jun 2018
2 min read

RC4 was first introduced by a group of security scientists (Nadhem AlFardan, Dan Bernstein, Kenny Paterson, Bertram Poettering and Jacob Schuldt). They found out that a new attack against TLS with RC4 encryption allowed an attacker to recover plaintext data from the TLS connection. This attack was possible because of a flaw in the keystream generated by the RC4 algorithm. If the same plaintext is encrypted, again and again, it will leave traces. A remote attacker can perform a plaintext-recovery attack by sniffing the initial bytes of network traffic. The RC4 algorithm can be implemented in both TLS and SSL protocol. The RC4 algorithm is vulnerable during the initialisation phase when the algorithm does not properly combine state data with key data. The attacker can then use a brute-force attack using LSB values.


Using this vulnerability, an attacker can:-

  • perform a Man-In-The-Middle (MITM) attack. In this attack, an attacker can sniff the communication medium to access sensitive information about the end-users.

  • access the session cookie and recover parts of the cookie to access sensitive information. The attacker can use a BEAST attack to obtain a large number of encryptions. The attacker will use Javascript to make the end users download malicious files from an attacker-controlled website. The downloaded malware is used to generate many HTTPS requests to the victim web server. The session cookies are also included in these requests. An attacker who needs a new SSL connection using the new RC4 keystream prefixes can force terminate SSL session, even after the target encrypted cookie is sent. After this process, the browser will automatically establish a new SSL session every time when the next HTTPS request is sent.

Mitigation / Precaution

Beagle recommends the following fixes:-

  • Reconfigure the application and try to avoid the use of RC4 ciphers. It is recommended to use the TLS version 1.2 with AES-GCM suites. This suite is subjected to browser and web server support.
  • The application admin should disable RC4 in their application’s TLS configurations. This change can help to secure the application.
  • We encourage to disable RC4 in the end user browser’s TLS configuration. Internet browser providers should consider removing RC4 from their TLS cipher lists.
Automated human-like penetration testing for your web apps & APIs
Teams using Beagle Security are set up in minutes, embrace release-based CI/CD security testing and save up to 65% with timely remediation of vulnerabilities. Sign up for a free account to see what it can do for you.

Written by
Sooraj V Nair
Sooraj V Nair
Cyber Security Engineer
Find website security issues in a flash
Improve your website's security posture with proactive vulnerability detection.
Free website security assessment
Experience the power of automated penetration testing & contextual reporting.