Browser Exploit Against SSL/TLS (BEAST)
Author: HollyGraceful Published: 21 October 2022 Last Updated: 03 November 2022
BEAST is an attack that exploits several weaknesses within Transport Layer Security (TLS) 1.0 and older SSL protocols when using a CBC-mode cipher. The flaw is not strictly within the Transport Layer Security protocol itself, but is instead a known issue with Cipher Block Chaining (CBC).
Although fixed in TLSv1.1. The issue has been known about for a long time, but was largely thought to be theoretical. It was demonstrated as practical in 2011.
The exploit requires the attacker to be able to perform an interception attack on network traffic and must be able to inject data into the session; the latter of which could be achieved through causing a user to visit a malicious website. The specifics of the attack combine a record-splitting with a chosen boundary attack. If successful it would allow an attacker to determine the plaintext for a very small amount of ciphertext – such as a session token or other sensitive cookie value.
However, this attack is largely impractical now due to requiring an outdated browser (major browsers disabled TLSv1.0 in around July 2020) and the use of a CBC-mode cipher (all use of CBC-mode ciphers is discouraged due to a series of known weaknesses and prior vulnerabilities). Additionally, the attacker must be able be able to perform an interception attack with the ability to inject traffic (this would typically require the attacker to be on the same network as the user and have the user either visit an otherwise vulnerable web application or visit a malicious page).
It is recommended that:
- All versions of SSL are disabled
- TLSv1.0 and TLSv1.1 are disabled (although TLSv1.1 is not affected by this issue its use is discouraged)
- CBC-mode ciphers are disabled (all use of CBC-mode ciphers is discouraged).