BEAST Attack (CVE-2011-3389)

Description

BEAST stands for Browser Exploit Against SSL/TLS.
The BEAST attack affects the TLS 1.0/1.1 protocols.

Business Impact

This allows an attacker to decrypt the contents of an SSL-encrypted or TLS-encrypted session between a web browser and a website.

Recommendation

To mitigate this vulnerability, enable TLS 1.2 or TLS 1.3 on servers that support these protocols, and enable TLS 1.2 or TLS 1.3 in web browsers that support them.

More Details

In 2011, security researchers presented an attack called BEAST at a security conference in Argentina, as reported by various media outlets worldwide. BEAST attacks are not easy to perform. The adversary needs to chain another exploit to become a man-in-the-middle and inject content into the data stream.

Reference

https://blog.mozilla.org/security/2011/09/27/attack-against-tls-protected-communications/
