BEAST Attack (CVE-2011-3389)


During the scan, Kayran managed to find a BEAST Attack (CVE-2011-3389) vulnerability.
BEAST stands for : Browser Exploit Against SSL/TLS.
The Browser Exploit Against SSL/TLS attack affects the TLS 1.0 \1.1 protocols.

This allows an attacker to decrypt the contents of an SSL-encrypted or TLS-encrypted sessions between a web browser and the website.

On 23 September 2011, researchers demonstrated a new attack called BEAST at a security conference in Argentina, as reported by various media outlets worldwide.
BEAST attacks are not easy to perform. The attacker needs to chain another exploit to become a Man-In-The-Middle and inject the content into the data stream.


CVSS Version 2.0 – 4.3 Medium


In order to mitigate this vulnerability please Enable TLS 1.2 or TLS 1.3 on servers that support these protocols. Also, enable TLS 1.2 or TLS 1.3 in web browsers that support these protocols.


< Return to all Vulnerabilities

Passwords 101

Unlike basketballs, “passwords” are things we don’t want to be passed around, especially in a society built around the idea that “mystery” is appealing. We

Read More »