BEAST Attack (CVE-2011-3389)

Description

During the scan, Kayran found a BEAST attack (CVE-2011-3389) vulnerability.
BEAST stands for Browser Exploit Against SSL/TLS.
The Browser Exploit Against SSL/TLS attack affects the TLS 1.0/1.1 protocols.

This allows an attacker to decrypt the contents of an SSL-encrypted or TLS-encrypted session between a web browser and the website.

On 23 September 2011, researchers demonstrated a new attack called BEAST at a security conference in Argentina, as reported by various media outlets worldwide.
BEAST attacks are not easy to perform. The attacker needs to chain another exploit to become a Man-In-The-Middle and inject the content into the data stream.

Recommendation

To mitigate this vulnerability, enable TLS 1.2 or TLS 1.3 on servers that support these protocols. Also enable TLS 1.2 or TLS 1.3 in web browsers that support these protocols.
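One way to check the server side of this recommendation, as an added example that is not part of Kayran's report: it assumes the server is nginx, whose `ssl_protocols` directive lists the enabled versions, and flags every directive that enables anything other than TLS 1.2 or TLS 1.3. The function names and the sample configuration are constructed for illustration.

```python
import re

# Versions the Recommendation asks for; anything else is reported as legacy.
RECOMMENDED = {"TLSv1.2", "TLSv1.3"}

# One nginx "ssl_protocols ...;" directive; its arguments may span lines.
# The lookbehind skips proxy_ssl_protocols, which governs upstream connections.
DIRECTIVE = re.compile(r"(?<!\w)ssl_protocols\s+([^;{}]*);")


def strip_comments(text):
    """Drop '#' comments but keep line breaks so line numbers stay valid."""
    return "\n".join(line.split("#", 1)[0] for line in text.splitlines())


def audit_ssl_protocols(config_text):
    """Return (line_number, enabled, legacy) for every ssl_protocols directive."""
    clean = strip_comments(config_text)
    findings = []
    for match in DIRECTIVE.finditer(clean):
        line_no = clean.count("\n", 0, match.start()) + 1
        enabled = match.group(1).split()
        legacy = [p for p in enabled if p not in RECOMMENDED]
        findings.append((line_no, enabled, legacy))
    return findings


# Constructed sample configuration (not taken from any real server).
SAMPLE_CONF = """\
http {
    # ssl_protocols SSLv3 TLSv1;   (commented out, must be ignored)
    server {
        listen 443 ssl;
        server_name legacy.example;
        ssl_protocols TLSv1 TLSv1.1
                      TLSv1.2;
    }
    server {
        listen 443 ssl;
        server_name modern.example;
        ssl_protocols TLSv1.2 TLSv1.3;
    }
}
"""

if __name__ == "__main__":
    for line_no, enabled, legacy in audit_ssl_protocols(SAMPLE_CONF):
        status = "FAIL, disable " + " ".join(legacy) if legacy else "ok"
        print(f"line {line_no}: {' '.join(enabled)} -> {status}")
```

A configuration with no `ssl_protocols` directive returns an empty list; in that case the nginx build's default applies and should be checked separately.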

References

https://blog.mozilla.org/security/2011/09/27/attack-against-tls-protected-communications/
