
SSL/TLS Vuln Zero Day & BEAST

Question asked by QM_SSJ4 on Oct 3, 2011
Latest reply on Jan 16, 2013 by Ivan Ristić

As you may have read, there have been reports of a new Exploit Kit released for the SSL/TLS Information Disclosure Vulnerability Zero Day called Browser Exploit Against SSL/TLS (BEAST). From SANS, "this hacking tool attacks browsers and decrypts cookies, potentially giving attackers access to encrypted website log-on credentials if the traffic is intercepted." They also note, it's important to understand that the BEAST exploit is actually a combination of two exploits:
1) The injection of JavaScript code into the SSL stream.
-AND-
2) An exploitable flaw in Java that can be used to bypass the browser's Same Origin Policy (SOP).

 

Qualys has a QID (90741) to detect this Vulnerability, which appears to check whether or not the Windows Web Server supports the vulnerable SSL 3.0/TLS 1.0 versions (not sure if it does anything else).

 

Is this motivating anyone to accelerate plans to move to the newer versions of TLS and/or take additional precautions?

Any other thoughts on this Zero Day and/or Exploit?

 

Additional links to related information are below:
http://www.computerworld.com/s/article/9220331/Microsoft_promises_patch_to_block_BEAST_attacks?taxonomyId=17
http://blogs.technet.com/b/srd/archive/2011/09/26/is-ssl-broken-more-about-security-advisory-2588513.aspx
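
As an added example (not part of the original post, and not the logic of Qualys QID 90741), the sketch below parses a raw ServerHello record and flags a negotiation as BEAST-relevant when it settles on SSL 3.0 or TLS 1.0 with a CBC-mode cipher suite, which is the combination the attack depends on. The function names, the short suite table, and the sample records are constructed for illustration.

```python
import struct

# Added illustration: a few well-known suite IDs -> (name, uses CBC mode).
SUITES = {
    0x0004: ("TLS_RSA_WITH_RC4_128_MD5", False),
    0x0005: ("TLS_RSA_WITH_RC4_128_SHA", False),
    0x000A: ("TLS_RSA_WITH_3DES_EDE_CBC_SHA", True),
    0x002F: ("TLS_RSA_WITH_AES_128_CBC_SHA", True),
    0x0035: ("TLS_RSA_WITH_AES_256_CBC_SHA", True),
    0xC013: ("TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA", True),
}
VERSIONS = {0x0300: "SSL 3.0", 0x0301: "TLS 1.0", 0x0302: "TLS 1.1", 0x0303: "TLS 1.2"}

def parse_server_hello(record: bytes):
    """Return (version, suite_id) from one raw ServerHello record."""
    if len(record) < 5:
        raise ValueError("truncated record header")
    ctype, _rec_version, rec_len = struct.unpack("!BHH", record[:5])
    body = record[5:5 + rec_len]
    if ctype != 0x16 or len(body) != rec_len or len(body) < 4 or body[0] != 0x02:
        raise ValueError("not a complete ServerHello handshake record")
    hello = body[4:4 + int.from_bytes(body[1:4], "big")]
    if len(hello) < 35:  # server_version(2) + random(32) + session_id length(1)
        raise ValueError("truncated ServerHello")
    off = 35 + hello[34]  # skip the variable-length session id
    if len(hello) < off + 2:
        raise ValueError("truncated ServerHello")
    return int.from_bytes(hello[:2], "big"), int.from_bytes(hello[off:off + 2], "big")

def beast_exposed(record: bytes) -> dict:
    """Flag a negotiation as BEAST-relevant: SSL 3.0/TLS 1.0 with a CBC suite."""
    version, suite = parse_server_hello(record)
    name, is_cbc = SUITES.get(suite, (f"unknown(0x{suite:04X})", None))
    # TLS 1.1+ uses explicit per-record IVs; None means the suite is not in the table.
    exposed = False if version > 0x0301 else is_cbc
    return {"version": VERSIONS.get(version, hex(version)), "suite": name, "exposed": exposed}

def sample_hello(version: int, suite: int) -> bytes:
    """Constructed ServerHello (zeroed random, empty session id, no extensions)."""
    hello = struct.pack("!H", version) + bytes(32) + b"\x00" + struct.pack("!HB", suite, 0)
    handshake = b"\x02" + len(hello).to_bytes(3, "big") + hello
    return struct.pack("!BHH", 0x16, version, len(handshake)) + handshake

if __name__ == "__main__":
    for ver, suite in [(0x0301, 0x002F), (0x0301, 0x0005), (0x0302, 0x002F)]:
        print(beast_exposed(sample_hello(ver, suite)))
```
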
