"The server is vulnerable to the BEAST attack."
The Browser Exploit Against SSL/TLS (BEAST) attack affects the SSL 2.0, SSL 3.0 and TLS 1.0 protocols, allowing a bad actor to decrypt the contents of an SSL-encrypted or TLS-encrypted session between a Web browser and a website. The attacker takes advantage of a weakness in the block-based cipher suites.
This is a client-side attack where the attacker needs to control the victim's browser. Most browsers are vulnerable to the BEAST attack.
In a BEAST attack, the attacker acts as a man-in-the-middle and uses specially-crafted plaintext input to decrypt the contents of an SSL-encrypted or TLS-encrypted session between a Web browser and a website. This type of attack allows the attacker to recover sensitive information (e.g., HTTP Authentication cookies).
Disable all block-based cipher suites in your server’s SSL/TLS configuration. Only use this workaround if you can't enable TLS 1.2 or TLS 1.3 on servers and in browsers.
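To check whether a configuration still needs this workaround, the following added example (not DigiCert's code) audits a list of protocol and cipher suite pairs for block-based suites offered on the affected protocol versions. The scan listing, its format and the function names are assumptions made for illustration; it treats IANA suite names containing `_CBC_` as block-based.

```python
# Added example: flag block-based (CBC) suites offered on BEAST-affected protocols.
# SCAN_OUTPUT is constructed sample data, not output from a real server or tool.

AFFECTED_PROTOCOLS = {"SSLv2", "SSLv3", "TLSv1.0"}  # versions the page lists
MODERN_PROTOCOLS = {"TLSv1.2", "TLSv1.3"}           # versions the page recommends

SCAN_OUTPUT = """\
# protocol  cipher suite (IANA name)
TLSv1.0  TLS_RSA_WITH_AES_128_CBC_SHA
TLSv1.0  TLS_RSA_WITH_3DES_EDE_CBC_SHA
TLSv1.2  TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
TLSv1.2  TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
TLSv1.3  TLS_AES_128_GCM_SHA256
"""

def parse_scan(text):
    """Turn 'protocol suite' lines into (protocol, suite) tuples."""
    offers = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        parts = line.split()
        if len(parts) != 2:
            raise ValueError(f"line {lineno}: expected 'protocol suite', got {raw!r}")
        offers.append((parts[0], parts[1]))
    return offers

def is_block_based(suite):
    """IANA names of block-cipher suites in CBC mode contain '_CBC_'."""
    return "_CBC_" in suite

def audit_beast(offers):
    """Report block-based suites that are reachable on an affected protocol."""
    exposed = [(p, s) for p, s in offers
               if p in AFFECTED_PROTOCOLS and is_block_based(s)]
    protocols = {p for p, _ in offers}
    return {
        "vulnerable": bool(exposed),
        "exposed": exposed,
        "modern_tls_enabled": bool(protocols & MODERN_PROTOCOLS),
    }

if __name__ == "__main__":
    report = audit_beast(parse_scan(SCAN_OUTPUT))
    print("BEAST finding:", report["vulnerable"])
    for proto, suite in report["exposed"]:
        print(f"  disable {suite} on {proto}")
    print("TLS 1.2/1.3 available:", report["modern_tls_enabled"])
```

The CBC suite offered only on TLS 1.2 is not reported, because the finding applies to block-based suites on the affected protocol versions.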
©2019 DigiCert, Inc. All rights reserved. DigiCert and its logo are registered trademarks of DigiCert, Inc. Symantec and Norton and their logos are trademarks used under license from Symantec Corporation. Other names may be trademarks of their respective owners.