SecureBlackbox 16: Security Advisory: On the information disclosure vulnerability in the SSL 3.0 and TLS 1.0 protocols (Rizzo/Duong "BEAST" attack)
Note: This article applies only to SecureBlackbox Legacy. For future development please consider using the latest version.
On September 23, 2011, two security researchers, Thai Duong and Juliano Rizzo, presented their web browser exploit aimed at the disclosure of information transmitted over secure HTTP sessions. Authentication cookies, which are widely used to identify the user to various e-commerce platforms, were named among potential attack goals.
The exploited protocol vulnerability is not brand new and has been pointed out as far back in 2004 by Bodo Möller and later investigated further by several other researchers. Eventually, two new revisions of the protocol, TLS 1.1 and 1.2, which particularly address the vulnerability, were developed and standardized. Still, as no real-world exploit utilizing the attacks had ever been developed, those new versions never gained popularity among vendors of SSL/TLS engines, who claimed there was "no demand" for them. TLS 1.1 and 1.2 remain quite exotic; some TLS implementations even chance to misbehave and crash when the remote side offers to use TLS 1.1 or 1.2.
The attack discovered by Duong and Rizzo appears to be the first practical implementation aimed at exploiting the mentioned protocol vulnerability. The attack utilizes several smart techniques and relies on modern Web 2.0 technologies and specifics of the HTTP protocol. Still, HTTP is not the only protocol that could be affected; theoretically, similar exploits can be created for other SSL/TLS-secured application-layer protocols, such as SMTP or POP3.
Suggestions for SecureBlackbox users
The vulnerability in the protocol does not affect the SecureBlackbox components directly. Instead, it’s SecureBlackbox-driven applications that should be checked for their vulnerability to the attack. Your application might be vulnerable if it is a subject for all the criteria listed below:
- The application allows external parties to initiate SSL/TLS connections on its behalf with the use of its SecureBlackbox-driven engine.
- The application repeatedly inserts the same sensitive information to externally originating requests.
Assume you develop a web browser that supports Java applets. Then your application has a high risk of being vulnerable, as it allows an external party (Java applets) to initiate SSL/TLS connections to remote servers (criterion 1), and repeatedly inserts sensitive data (authentication cookies) to these requests (criterion 2).
Attack type: Man-in-the-middle attack exploiting protocol and application vulnerabilities
Attack location: SSL/TLS client (mainly a browser; other options are a mail agent or FTP client)
Protocol versions that are vulnerable: SSL 3.0, TLS 1.0
Attack goal: Application-layer secret transferred within the SSL/TLS connection (e.g., cookies)
Attack criticality: Low to medium
Attack techniques: Sniffers, automated SSL/TLS request invocation environment, HTTP code injection
You can read more about the attack at the links below:
We appreciate your feedback. If you have any questions, comments, or suggestions about this article please contact our support team at email@example.com.