Product
Features API Security Testing GraphQL Security Testing DevSecOps Compliance Cosmog: Private Tunnel WordPress Security Testing OWASP Security Testing Free Security Testing
Solutions
Pricing
Free tools
Website Security Assessment SSL Certificate Checker Domain Expiry Checker
Resources
Blog Developer Docs Help Center Guides Whitepapers Vulnerability Index Partners
Product tour
Blog Home
SSL
19 Jun 2018

The RC4 algorithm In Transport Layer Security and Secure Sockets Layer

19 Jun 2018
OWASP 2013-A9 OWASP 2017-A9 OWASP 2021-A6 OWASP PC-C1 CAPEC-310 CWE-829 ISO27001-A.14.1.2 WASC-04 WSTG-CRYP-01

RC4 was first introduced by a group of security scientists (Nadhem AlFardan, Dan Bernstein, Kenny Paterson, Bertram Poettering and Jacob Schuldt). They found out that a new attack against TLS with RC4 encryption allowed an attacker to recover plaintext data from the TLS connection. This attack was possible because of a flaw in the keystream generated by the RC4 algorithm. If the same plaintext is encrypted, again and again, it will leave traces. A remote attacker can perform a plaintext-recovery attack by sniffing the initial bytes of network traffic. The RC4 algorithm can be implemented in both TLS and SSL protocol. The RC4 algorithm is vulnerable during the initialisation phase when the algorithm does not properly combine state data with key data. The attacker can then use a brute-force attack using LSB values.

Impact

Using this vulnerability, an attacker can:-

  • perform a Man-In-The-Middle (MITM) attack. In this attack, an attacker can sniff the communication medium to access sensitive information about the end-users.

  • access the session cookie and recover parts of the cookie to access sensitive information. The attacker can use a BEAST attack to obtain a large number of encryptions. The attacker will use Javascript to make the end users download malicious files from an attacker-controlled website. The downloaded malware is used to generate many HTTPS requests to the victim web server. The session cookies are also included in these requests. An attacker who needs a new SSL connection using the new RC4 keystream prefixes can force terminate SSL session, even after the target encrypted cookie is sent. After this process, the browser will automatically establish a new SSL session every time when the next HTTPS request is sent.

Mitigation / Precaution

Beagle recommends the following fixes:-

  • Reconfigure the application and try to avoid the use of RC4 ciphers. It is recommended to use the TLS version 1.2 with AES-GCM suites. This suite is subjected to browser and web server support.
  • The application admin should disable RC4 in their application’s TLS configurations. This change can help to secure the application.
  • We encourage to disable RC4 in the end user browser’s TLS configuration. Internet browser providers should consider removing RC4 from their TLS cipher lists.

PRODUCT TOUR






Latest Articles

IMAP/SMTP injection
September 12 2023
7 limitations of vulnerability scanners
September 10 2023
Clickjacking attack
September 10 2023
Session Fixation Attack
July 30 2023
Vulnerability management using AI
June 29 2023

Explore morearrow



Popular in Injection

WordPress Authenticated SQL Injection
June 29 2022
SQL injection(SQLi)
May 4 2022
Union Query SQL Injection (SQLi)
July 4 2018
Stacked Queries SQL Injection (SQLi)
July 4 2018
Inline Queries SQL Injection (SQLi)
July 4 2018

Explore morearrow

Categories

Client Side URL Redirect Cookies Attributes IBM SQL Injection Injection Time Based Blind SQL Injection SSL CRLF Content Security Policy CSRF HSTS CORS Information Leakage status code SRI metadata X-XSS-Protection owasp XSS Clickjacking Cookies Directory traversal DOM XSS Blind SQL Injection XML Injection blog TLS WordPress web security SMB Cyber attacks AI Web server Data Security DOMECTF2020 Container security CMS Security Code Execution Htaccess Bypass DOMECTF2021 Press Webinar RFI DevSecOps DOMECTF2022 openssl HTTP headers Compliance AppSec
Related Articles
Lack of HTTP Strict Transport Security(HSTS)
SSL
Lack of HTTP Strict Transport Security(HSTS)
24 Jun 2022
Renegotiation allowing to insert data into HTTPS sessions
SSL
Renegotiation allowing to insert data into HTTPS sessions
19 Jun 2022
Lucky Thirteen attack against implementations of the Transport Layer Security
SSL
Lucky Thirteen attack against implementations of the Transport Layer Security
19 Jun 2022
Logjam attack against the TLS protocol
SSL
Logjam attack against the TLS protocol
19 Apr 2022
Factoring RSA Export Keys (FREAK) Attack
SSL
Factoring RSA Export Keys (FREAK) Attack
19 Apr 2022
POODLE Attack
SSL
POODLE Attack
14 Jul 2021
SSL(Secure Sockets Layer) protocol version outdated
SSL
SSL(Secure Sockets Layer) protocol version outdated
04 Jul 2018
Tickets option leak uninitialised memory
SSL
Tickets option leak uninitialised memory
19 Jun 2018
SWEET32 attack
SSL
SWEET32 attack
19 Jun 2018
ROBOT attack (Bleichenbacher RSA)
SSL
ROBOT attack (Bleichenbacher RSA)
19 Jun 2018
Processing of Change Cipher Spec
SSL
Processing of Change Cipher Spec
19 Jun 2018
Obtain plaintext by observing length differences
SSL
Obtain plaintext by observing length differences
19 Jun 2018
Logjam common primes
SSL
Logjam common primes
19 Jun 2018
Heartbleed vulnerability
SSL
Heartbleed vulnerability
19 Jun 2018
Browser Exploit Against SSL/TLS
SSL
Browser Exploit Against SSL/TLS
19 Jun 2018