CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:N/A:N
AI Score
Confidence
Low
EPSS
Percentile
78.8%
A vulnerability in the specification of the SSL 3.0 and TLS 1.0 protocols could allow an attacker to decrypt encrypted traffic.
The Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols are commonly used to provide authentication, encryption, integrity, and non-repudiation services to network application protocols such as HTTP, IMAP, POP3, LDAP, SMTP, and others. Several different versions of the SSL and TLS protocols have been standardized and are in widespread use. These protocols support the use of both block-based and stream-based ciphers.A vulnerability in the way the SSL 3.0 and TLS 1.0 protocols select the initialization vector (IV) when operating in cipher-block chaining (CBC) modes allows an attacker to perform a chosen-plaintext attack on encrypted traffic. This vulnerability has been addressed in the specification for the TLS 1.1 and TLS 1.2 protocols.
Workarounds
Some vendors have published specific mitigation advice for the attacks related to this issues. Please see the Vendor Information section of this document for more information.
The following general workarounds can be effective in mitigating this issue:
* Prioritize the use of the RC4 algorithm over block ciphers in server software
Note that this workaround is not feasible to implement on systems that require FIPS-140 compliance since RC4 is not a FIPS-approved cryptographic algorithm.
* Enable support for TLS 1.1 and/or TLS 1.2 in the web browser
* Enable support for TLS 1.1 in server software
864643
Filter by status: All Affected Not Affected Unknown
Filter by content: __Additional information available
__Sort by: Status Alphabetical
Expand all
Javascript is disabled. Clickhere to view vendors.
Updated: September 27, 2011
Affected
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Updated: September 27, 2011
Statement Date: September 26, 2011
Affected
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Updated: September 28, 2011
Affected
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Updated: December 08, 2011
Statement Date: December 06, 2011
Affected
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Updated: September 27, 2011
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Updated: September 27, 2011
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Updated: September 27, 2011
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Group | Score | Vector |
---|---|---|
Base | 0 | AV:–/AC:–/Au:–/C:–/I:–/A:– |
Temporal | 0 | E:ND/RL:ND/RC:ND |
Environmental | 0 | CDP:ND/TD:ND/CR:ND/IR:ND/AR:ND |
Thanks to Thái Duong working with Matasano and Juliano Rizzo of Netifera for reporting the practical attack against this vulnerability. Wei Dai and Bodo Möller identified the underlying flaw in the context of SSL and TLS.
This document was written by Chad R Dougherty.
CVE IDs: | CVE-2011-3389 |
---|---|
Severity Metric: | 3.38 Date Public: |
blogs.technet.com/b/msrc/archive/2011/09/26/microsoft-releases-security-advisory-2588513.aspx
blogs.technet.com/b/srd/archive/2011/09/26/is-ssl-broken-more-about-security-advisory-2588513.aspx
src.chromium.org/viewvc/chrome?view=rev&revision=97269
vnhacker.blogspot.com/2011/09/beast.html
www.educatedguesswork.org/2011/09/security_impact_of_the_rizzodu.html
www.ekoparty.org/2011/juliano-rizzo.php
www.imperialviolet.org/2011/09/23/chromeandbeast.html
www.openssl.org/~bodo/tls-cbc.txt
www.phonefactor.com/blog/slaying-beast-mitigating-the-latest-ssltls-vulnerability.php
blog.torproject.org/blog/tor-and-beast-ssl-attack
bugzilla.mozilla.org/show_bug.cgi?id=665814