BEAST

Browser Exploit Against SSL/TLS

"The server is vulnerable to the BEAST attack."

Problem

The Browser Exploit Against SSL/TLS (BEAST) attack affects the SSL 2.0, SSL 3.0 and TLS 1.0 protocols, allowing a bad actor to decrypt the contents of an SSL-encrypted or TLS-encrypted session between a Web browser and a website. The attacker takes advantage of weakness in the block-based cipher suites.

This is a client-side attack where the attacker needs to control the "victims" browser. Most browsers are vulnerable to the BEAST attack.

In a BEAST attack, the attacker acts as a man-in-the-middle and uses specially-crafted plaintext input to decrypt the contents of an SSL-encrypted or TLS-encrypted session between a Web browser and a website. This type of attack allows the attacker to recover sensitive information (e.g., HTTP Authentication cookies).

Solution

  • Enable TLS 1.2 or TLS 1.3 on servers that support these protocols.
  • Enable TLS 1.2 or TLS 1.3 in Web browsers that support these protocols.

Workaround

Disable all block-based cipher suites in your server’s SSL/TLS configuration. Only use this workaround if you can't enable TLS 1.2 or TLS 1.3 on servers and in browsers.