
SSL/TLS Vuln Zero Day & BEAST

Question asked by QM_SSJ4 on Oct 3, 2011
Latest reply on Jan 16, 2013 by Ivan Ristić

As you may have read, there have been reports of a new Exploit Kit released for the SSL/TLS Information Disclosure Vulnerability Zero Day called Browser Exploit Against SSL/TLS (BEAST). From SANS, "this hacking tool attacks browsers and decrypts cookies, potentially giving attackers access to encrypted website log-on credentials if the traffic is intercepted." They also note that it's important to understand that the BEAST exploit is actually a combination of two exploits:
1) The injection of JavaScript code into the SSL stream.
2) An exploitable flaw in Java that can be used to bypass the browser's Same Origin Policy (SOP).


Qualys has a QID (90741) to detect this Vulnerability, which appears to check whether or not the Windows Web Server supports the vulnerable SSL 3.0/TLS 1.0 versions (not sure if it does anything else).


Is this motivating anyone to accelerate plans to move to newer versions of TLS and/or take additional precautions?

Any other thoughts on this Zero Day and/or Exploit?


Additional links to related information are below:
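As an added defender-side example (not from the original post, from Qualys, or from the QID mentioned above), the following script shows why a protocol-version check alone is only half the picture: BEAST's record-level precondition is a CBC-mode cipher suite negotiable under SSL 3.0 or TLS 1.0, which chain IVs across records, whereas TLS 1.1+ uses explicit per-record IVs. The server configurations inside are constructed samples, and the protocol tokens and IANA-style suite names are assumptions about how a scanner would report them.

```python
# Assess whether a server's TLS offering is exposed to BEAST-style CBC attacks.
# Exposure needs both: a protocol with chained IVs (SSL 3.0 / TLS 1.0) AND a
# CBC-mode cipher suite negotiable under it. TLS 1.1+ uses explicit per-record
# IVs, which is the protocol-level fix. All configurations below are constructed
# samples for this example, not data from any real host.
from dataclasses import dataclass, field

CHAINED_IV_PROTOCOLS = {"SSLv3", "TLSv1"}
EXPLICIT_IV_PROTOCOLS = {"TLSv1.1", "TLSv1.2", "TLSv1.3"}

@dataclass
class Assessment:
    exposed: bool
    legacy_protocols: list = field(default_factory=list)
    cbc_suites: list = field(default_factory=list)
    notes: list = field(default_factory=list)

def is_cbc_suite(name: str) -> bool:
    # IANA-style names carry the mode, e.g. TLS_RSA_WITH_AES_128_CBC_SHA.
    return "_CBC_" in name.upper()

def assess(protocols, cipher_suites) -> Assessment:
    legacy = sorted(p for p in protocols if p in CHAINED_IV_PROTOCOLS)
    cbc = [c for c in cipher_suites if is_cbc_suite(c)]
    a = Assessment(exposed=bool(legacy and cbc), legacy_protocols=legacy, cbc_suites=cbc)
    if not legacy:
        a.notes.append("Only explicit-IV protocols offered; BEAST precondition absent.")
    elif not cbc:
        a.notes.append("Legacy protocol offered but no CBC suites; record-level precondition absent.")
    else:
        # Offering TLS 1.2 alongside TLS 1.0 does not help a client that only speaks 1.0.
        a.notes.append("Disable SSLv3/TLSv1 and offer TLS 1.1+ to close the exposure.")
        if any("RC4" in c.upper() for c in cipher_suites):
            a.notes.append("RC4 suites are not CBC, but RC4 is itself broken: not a mitigation.")
    unknown = [p for p in protocols if p not in CHAINED_IV_PROTOCOLS | EXPLICIT_IV_PROTOCOLS]
    if unknown:
        a.notes.append(f"Unrecognised protocol tokens ignored: {unknown}")
    return a

LEGACY_SERVER = (["SSLv3", "TLSv1"], ["TLS_RSA_WITH_AES_128_CBC_SHA", "TLS_RSA_WITH_3DES_EDE_CBC_SHA"])
MODERN_SERVER = (["TLSv1.2", "TLSv1.3"], ["TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", "TLS_AES_256_GCM_SHA384"])
MIXED_SERVER = (["TLSv1", "TLSv1.2"], ["TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", "TLS_RSA_WITH_AES_256_CBC_SHA"])

if __name__ == "__main__":
    for label, cfg in {"legacy": LEGACY_SERVER, "modern": MODERN_SERVER, "mixed": MIXED_SERVER}.items():
        r = assess(*cfg)
        print(f"{label}: exposed={r.exposed} legacy={r.legacy_protocols} cbc={r.cbc_suites}")
        for n in r.notes:
            print("   -", n)
```

The "mixed" case is the one a version-only check tends to misjudge: TLS 1.2 being available does not protect a client that can only negotiate TLS 1.0 with a CBC suite.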