18807 Views 18 Replies Latest reply: Sep 25, 2012 1:36 AM by Muhammad Anzar

Oct 3, 2011 11:37 PM

BEAST vulnerability detection

I just noticed that a new v1.0.87 has been deployed and displays a "BEAST attack: vulnerable".

 

Based on what criteria are you concluding that a server is indeed vulnerable: does a lacking RC4 preferred cipher automatically mean that you consider a server prone to a BEAST attack?

 

On a test server, I don't include RC4 (whether preferred or optional), but instead opted to activate empty fragments for TLS 1.0 and switched to OpenSSL 1.0.1-stable to get TLS 1.1.

 

As far as I tested, only IE6 on Windows XP can't handle empty fragments. All other IE versions, whether on XP or 7, are able to connect just fine. Same for recent versions of Firefox, Chrome and Opera.

  • Ivan Ristic, Oct 4, 2011 7:02 AM (in response to steve)

    Yes, you're right: in 1.0.87 I considered a server to be vulnerable if RC4 is not prioritized. However, as you point out, that's inaccurate. Short term, I will remove the warning for those servers that do not use RC4 as a mitigation technique, and only display "Not vulnerable" for those that do. Long term, I will improve the detection. Thank you for bringing this to my attention.

     

    If it's not a problem, please send me your server details so that I can test the improved detection with it.

     

    Thanks.

    • Ivan Ristic, Jan 16, 2012 6:13 AM (in response to steve)

      Steve, the BEAST test currently depends on the cipher suite preference test, and the latter is not always possible to carry out. It seems that some web servers choose to mitigate BEAST by forcing RC4 ciphers, even when they are not offered by the connecting client. In practice this works because virtually every browser supports RC4. When it comes to SSL Labs, however, the forcing of RC4 breaks our cipher suite preference test, and thus the BEAST test.

       

      We're saying "unknown" at the moment, which I thought was better than saying either "Vulnerable" or "Not vulnerable". I will fix the issue as soon as I can schedule some development time for it.
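As an added illustration of the detection logic described in this reply (example code, not SSL Labs' own), the script below models a TLS 1.0 server as a callable that returns the cipher suite it selects for a given client offer, runs the pairwise preference test, and reports "unknown" when the server answers with a suite that was never offered, which is the forced-RC4 case that breaks the preference test. The server models and the suite list are constructed for the example.

```python
from typing import Callable, Dict, Optional, Sequence

# Constructed TLS 1.0 suite names (IANA spelling); only CBC-vs-RC4 matters here.
CBC_SUITES = ["TLS_RSA_WITH_AES_256_CBC_SHA", "TLS_RSA_WITH_AES_128_CBC_SHA",
              "TLS_RSA_WITH_3DES_EDE_CBC_SHA"]
RC4_SUITE = "TLS_RSA_WITH_RC4_128_SHA"
ALL_SUITES = CBC_SUITES + [RC4_SUITE]
# One TLS 1.0 handshake: client's ordered offer in, server's selected suite out.
Negotiate = Callable[[Sequence[str]], Optional[str]]

class UnexpectedSuite(Exception):
    """The server selected a suite the client never offered (forced RC4)."""

def make_server(supported: Sequence[str], honor_order: bool = True,
                force: Optional[str] = None) -> Negotiate:
    """Constructed server model: first mutual suite in server order
    (honor_order=True) or client order; 'force' always answers with that suite."""
    def negotiate(offered: Sequence[str]) -> Optional[str]:
        if force:
            return force
        order, other = (supported, offered) if honor_order else (offered, supported)
        return next((s for s in order if s in other), None)
    return negotiate

def probe(negotiate: Negotiate, offer: Sequence[str]) -> Optional[str]:
    """One handshake; a reply outside the offer breaks the preference test."""
    chosen = negotiate(offer)
    if chosen is not None and chosen not in offer:
        raise UnexpectedSuite(chosen)
    return chosen

def beast_status(negotiate: Negotiate) -> Dict[str, object]:
    """Return the BEAST verdict and whether the server enforces its own order."""
    try:
        supported = [s for s in ALL_SUITES if probe(negotiate, [s]) == s]
        preference = None
        if len(supported) >= 2:  # preference test: same pair, both orders
            a, b = supported[:2]
            preference = probe(negotiate, [a, b]) == probe(negotiate, [b, a])
        # a CBC-first offer, as TLS 1.0 browsers sent, is the handshake that counts
        chosen = probe(negotiate, ALL_SUITES)
    except UnexpectedSuite:
        return {"beast": "unknown", "server_preference": None}
    if chosen == RC4_SUITE:          # RC4 prioritised: the mitigation discussed
        verdict = "not vulnerable"
    else:                            # CBC under TLS 1.0, or nothing negotiable
        verdict = "vulnerable" if chosen in CBC_SUITES else "unknown"
    return {"beast": verdict, "server_preference": preference}
```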

      • Ivan Ristic, Jan 18, 2012 4:45 AM (in response to Ivan Ristic)

        This is now fixed in 1.0.101. However, this is an area where server behaviour changes constantly and will continue as web sites mitigate against BEAST and deploy TLS 1.1 and TLS 1.2. We will continue to monitor the situation and tweak the test accordingly. Thanks for your help.

          • Ivan Ristic, Jan 24, 2012 5:08 AM (in response to steve)

            I think you need to remove SHA256 from the string. In my test, your server responded with TLS_RSA_WITH_AES_256_CBC_SHA when using TLS 1.0.

  • Satyen Shah, Jun 2, 2012 5:12 AM (in response to steve)

    The tester reports my Windows server is vulnerable to BEAST. The server does have automatic updates enabled, and KB2585542 installed. Should I still be concerned about BEAST?

    • Ivan Ristic, Jun 6, 2012 1:08 AM (in response to Satyen Shah)

      In my opinion, yes. You should take the steps to address the BEAST problem, as explained here:

       

      https://community.qualys.com/blogs/securitylabs/2011/10/17/mitigating-the-beast-attack-on-tls

       

      KB2585542 addresses only the client side of the BEAST attack, but there's nothing that can be done on the server side for it with a patch.

      • rmoriz, Jun 21, 2012 4:29 AM (in response to Ivan Ristic)

        It seems that the BEAST detection produces false positives:

        e.g.

        https://www.ssllabs.com/ssltest/analyze.html?d=roland.io

          • rmoriz, Jun 21, 2012 6:42 AM (in response to steve)

            Using RC4 reduces the rating for ciphers :/

            • Ivan Ristic, Jun 21, 2012 7:12 AM (in response to rmoriz)

              That's only because we're slow to update the rating guide. Everyone vulnerable to BEAST should really get a zero score.

              • rmoriz, Jun 21, 2012 7:25 AM (in response to steve)

                My current goal is to get the max out of the possibilities and then check how to deal with clients. Quite a 'whitelist' approach.

                I fully understand that this is not usable outside a "lab condition", but I prefer this way instead of starting "fully vulnerable" and patching the holes as they get found...

                • Muhammad Anzar, Sep 25, 2012 1:36 AM (in response to rmoriz)

                  The SecurityMetrics problem will be solved with the following SSL configuration.

                          SSLEngine on
                          SSLProtocol -SSLv2 -TLSv1 +SSLv3
                          SSLHonorCipherOrder On
                          SSLCipherSuite RC4:HIGH:!AES256-SHA:!AES128-SHA:!DES-CBC3-SHA:!MD5:!aNULL:!EDH

                  One basic thing: block the negotiated cipher suite that was mentioned in the compliance report. Example: if AES256-SHA was negotiated and is listed in the compliance report, then block it with !AES256-SHA.

                  Muhammad Anzar
