BEAST Attack (CVE-2011-3389)

Description

During the scan, Kayran managed to find a BEAST Attack (CVE-2011-3389) vulnerability.
BEAST stands for Browser Exploit Against SSL/TLS.
The Browser Exploit Against SSL/TLS attack affects the TLS 1.0/1.1 protocols.

This allows an attacker to decrypt the contents of an SSL-encrypted or TLS-encrypted session between a web browser and the website.

On 23 September 2011, researchers demonstrated a new attack called BEAST at a security conference in Argentina, as reported by various media outlets worldwide.
BEAST attacks are not easy to perform. The attacker needs to chain another exploit to become a Man-In-The-Middle and inject the content into the data stream.

Severity/Score

CVSS Version 2.0 – 4.3 Medium

Recommendation

To mitigate this vulnerability, enable TLS 1.2 or TLS 1.3 on servers that support these protocols. Also enable TLS 1.2 or TLS 1.3 in web browsers that support these protocols.
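
One way to check the server side of this recommendation, as an added example (not Kayran's code): a small audit of nginx `ssl_protocols` directives that flags any virtual host still offering a protocol older than TLS 1.2. It assumes an nginx server with each directive starting on its own line; the function name, the sample configuration and its hostnames are constructed for illustration.

```python
import re

# Protocol tokens accepted by nginx's ssl_protocols directive.
LEGACY = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}   # older than the recommended versions
MODERN = {"TLSv1.2", "TLSv1.3"}                   # versions the recommendation asks for

# Matches an uncommented directive; the value list may span several lines.
DIRECTIVE = re.compile(r"^[ \t]*ssl_protocols[ \t]+([^;#]+);", re.MULTILINE)


def audit_ssl_protocols(config_text):
    """Return one finding per ssl_protocols directive found in config_text."""
    findings = []
    for match in DIRECTIVE.finditer(config_text):
        enabled = set(match.group(1).split())
        findings.append({
            "line": config_text.count("\n", 0, match.start()) + 1,
            "legacy": sorted(enabled & LEGACY),
            "modern": sorted(enabled & MODERN),
            # Compliant only if no legacy protocol is offered and at
            # least one of TLS 1.2 / TLS 1.3 is enabled.
            "ok": not (enabled & LEGACY) and bool(enabled & MODERN),
        })
    return findings


# Constructed sample configuration (hypothetical hosts).
SAMPLE_CONF = """\
server {
    listen 443 ssl;
    server_name legacy.example.test;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
}
server {
    listen 443 ssl;
    server_name modern.example.test;
    # ssl_protocols TLSv1;
    ssl_protocols TLSv1.2 TLSv1.3;
}
"""

if __name__ == "__main__":
    for f in audit_ssl_protocols(SAMPLE_CONF):
        status = "OK" if f["ok"] else "FIX"
        print(f"line {f['line']}: {status} legacy={f['legacy']} modern={f['modern']}")
```

A configuration with no `ssl_protocols` directive produces no findings, so the effective protocols then depend on the nginx version's defaults and need to be checked separately.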

References

https://blog.mozilla.org/security/2011/09/27/attack-against-tls-protected-communications/

https://cwe.mitre.org/data/definitions/326.html
