Knowledge Center Search


 

SSL v3/TLS 1.0 BEAST security issue (CVE-2011-3389)

  [KB21985] Show KB Properties

  [KB21985] Hide KB Properties

Categories:
Knowledge Base ID: KB21985
Last Updated: 22 Jan 2014
Version: 9.0

Summary:
On September 23rd, 2011, a research paper was published at a security conference regarding an attack on the SSLv3/TLS 1.0 protocol. Up until recently this attack was only theoretical. 

MITRE CVE-2011-3389 describes the issue as follows:

"The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HTTP headers via a blockwise chosen-boundary attack (BCBA) on an HTTPS session, in conjunction with JavaScript code that uses (1) the HTML5 WebSocket API, (2) the Java URLConnection API, or (3) the Silverlight WebClient API, aka a "BEAST" attack."

Problem or Goal:
The BEAST issue is a vulnerbility on the client side (web browser). For this attack to be carried out there are many requirements that need to fall into place. The attack in nature is difficult to exploit due to these requirements. For example, the attacker will need to be able to intercept all client network traffic as well as predict which HTTPS site the user will go to in the future. 

The following article describes the requirements for this attack to take place: http://luxsci.com/blog/is-ssltls-really-broken-by-the-beast-attack-what-is-the-real-story-what-should-i-do.html 

More information on the attack: http://www.educatedguesswork.org/2011/09/security_impact_of_the_rizzodu.html

Note: Juniper is supplying these URLs for reference only. We do not guarantee nor have directly verified the validity of statements made by third parties.

MITRE CVE: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3389

Cause:
 

Solution:
Fixes for the issue have been released by most major browser vendors. Please refer to the following table below for information from browser vendor fixes:

Microsoft Internet Explorer http://technet.microsoft.com/en-us/security/bulletin/ms12-006
Google Chrome http://googlechromereleases.blogspot.com/2011/10/chrome-stable-release.html
Firefox https://bugzilla.mozilla.org/show_bug.cgi?id=665814 & https://bugzilla.mozilla.org/show_bug.cgi?id=702111
Apple Safari (10.9 Mavericks)  support.apple.com/kb/HT6011

Current mitigations or client side fixes:

We recommend using AES/3DES at this time, but only if the clients are using a fixed browser (see browser table above).

Note: Previously RC4 was the recommended cipher to mitigate the BEAST issue. This recommendation has changed since most major browsers have fixes in place for the issue. If you are unable to use a browser that contains a fix for BEAST, RC4 would still be the best cipher to choose until you can upgrade your browser.

Junos OS (not vulnerable):

OpenSSL, which currently is part of Junos, has a counter measure for a known IV issue with CBC ciphers, which, by default, is enabled. Refer to the Security of CBC Ciphersuites in SSL/TLS: Problems and Countermeasures link for more information about these countermeasures.

In particular, OpenSSL versions 0.9.6d or later (found in Junos 11.1R1 or ater) implement a feature, in which an empty TLS record is sent immediately, before sending a message. This empty TLS record causes a change in the CBC state, as in it triggers the a new IV message, which the attacker cannot predict. In OpenSSL versions 0.9.6d or later, by default, this protocol-level mitigation is enabled; which makes the Junos OS invulnerable to the BEAST attack.

Purpose:
Configuration
Implementation
Troubleshooting

Related Links:

 

 

ASK THE KB

Question or KB ID:


 


 

 
Copyright© 1999-2012 Juniper Networks, Inc. All rights reserved.