RC4 is a stream cipher designed by Ron Rivest in 1987 and, for many years, one of the most widely negotiated ciphers in SSL and TLS. In 2013 a group of security researchers (Nadhem AlFardan, Dan Bernstein, Kenny Paterson, Bertram Poettering and Jacob Schuldt) published a plaintext-recovery attack against TLS connections that use RC4 (CVE-2013-2566). The attack is possible because the keystream generated by RC4 is not uniformly random: each of the first 256 keystream bytes has measurable single-byte biases. When the same plaintext (a password, a session cookie) is encrypted again and again under fresh keys, the biases leave traces: an attacker who collects the ciphertexts of enough sessions can recover the plaintext by statistical analysis alone. A second weakness, the Invariance Weakness used by the "Bar Mitzvah" attack (CVE-2015-2808), lies in the initialisation phase, where RC4 does not properly combine state data with key data. For the small fraction of keys affected (about one key in 16 million), the least significant bits of the first keystream bytes are predictable, so a remote attacker who sniffs the initial bytes of network traffic can recover part of the plaintext with a brute-force search over those LSB values. Both weaknesses affect every SSL and TLS version that negotiates an RC4 cipher suite.
Using this vulnerability, an attacker can:-
perform a Man-In-The-Middle (MITM) attack or simply sniff the communication medium: the statistical attack is passive, so any position from which the attacker can capture the encrypted traffic of many sessions is enough to recover sensitive information sent by the end-users.
recover the session cookie, or enough of it to hijack the session. The biases are small, so the attacker needs the same cookie encrypted many millions of times under different keys, and obtains those encryptions BEAST-style: the victim's browser is lured to an attacker-controlled web page (or has attacker JavaScript injected into a plain-HTTP page it visits), and that JavaScript silently generates a large number of HTTPS requests to the victim web server. No malware download is needed; the browser attaches the session cookie to each of these requests on its own. Because the exploitable biases sit in the first bytes of the keystream, every measurement needs a fresh RC4 keystream prefix, so the attacker force-terminates the SSL/TLS session as soon as the request carrying the encrypted cookie has been sent. The browser then automatically establishes a new SSL/TLS session, with a new key and keystream, for the next HTTPS request, and the cycle repeats until enough samples have been collected.
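As an added illustration (not part of the original description), the following Python script implements RC4 and demonstrates the best-known single-byte bias, the one Mantin and Shamir found in the second keystream byte, which is zero about twice as often as a random byte would be. It encrypts a constructed cookie under thousands of random keys, one per simulated session, and recovers the second plaintext byte by a simple frequency count over the ciphertexts, which is the statistical principle behind the attack described above. The key length, the number of sessions and the cookie value are assumptions made for the demonstration; the published attack uses far weaker biases in all of the first 256 positions and therefore needs many more sessions (on the order of 2^30).

```python
"""RC4 keystream bias and broadcast plaintext recovery (added example).

The second RC4 keystream byte is 0 with probability about 2/256 instead
of 1/256. If the same plaintext is encrypted under many different keys,
the ciphertext byte at that position equals the plaintext byte about twice
as often as any other value, so a frequency count recovers it.
"""
import random
from collections import Counter

# Assumptions for the demonstration: 128-bit keys and a made-up cookie.
KEY_LEN = 16
COOKIE = b"sessionid=7f3a9c"  # constructed sample plaintext
SESSIONS = 30000              # number of simulated TLS sessions


def rc4_keystream(key: bytes, length: int) -> bytes:
    """Return the first `length` RC4 keystream bytes for `key` (KSA + PRGA)."""
    s = list(range(256))
    j = 0
    for i in range(256):                      # key-scheduling algorithm
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for _ in range(length):                   # pseudo-random generation
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def sample_keystreams(n_keys: int, length: int, seed: int = 1) -> list:
    """Keystream prefixes for `n_keys` independent random keys, one per session."""
    rng = random.Random(seed)
    return [rc4_keystream(bytes(rng.getrandbits(8) for _ in range(KEY_LEN)), length)
            for _ in range(n_keys)]


def byte_zero_rate(keystreams, position: int) -> float:
    """Fraction of keystreams whose byte at `position` is 0 (1/256 if unbiased)."""
    return sum(ks[position] == 0 for ks in keystreams) / len(keystreams)


def recover_byte(plaintext: bytes, keystreams, position: int) -> int:
    """Broadcast attack on one position: encrypt `plaintext` under every key and
    return the most frequent ciphertext byte at `position`. Where the keystream
    is biased toward 0, the winner is the plaintext byte itself."""
    counts = Counter(plaintext[position] ^ ks[position] for ks in keystreams)
    return counts.most_common(1)[0][0]


if __name__ == "__main__":
    ks = sample_keystreams(SESSIONS, length=3)
    print(f"P(second keystream byte == 0) = {byte_zero_rate(ks, 1):.4f} "
          f"(unbiased value would be {1 / 256:.4f})")
    guess = recover_byte(COOKIE, ks, 1)
    print(f"recovered second byte: {chr(guess)!r}, actual: {chr(COOKIE[1])!r}")
```

The keystream function can be checked against the public RC4 test vector for the key "Key", whose keystream begins EB 9F 77. Running the script shows the measured zero rate close to 0.0078 and the correct cookie byte recovered; with the same number of sessions an unbiased position gives no usable majority, which is why the real attack needs so much more traffic to exploit the subtler biases at other positions.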
Beagle recommends the following fixes:-