SSL/TLS Protocol Initialization Vector Implementation Information Disclosure Vulnerability (BEAST)

This script is Copyright (C) 2012-2015 Tenable Network Security, Inc.


Synopsis :

It may be possible to obtain sensitive information from the remote
host with SSL/TLS-enabled services.

Description :

A vulnerability exists in SSL 3.0 and TLS 1.0 that could allow
information disclosure if an attacker intercepts encrypted traffic
served from an affected system.

TLS 1.1, TLS 1.2, and all cipher suites that do not use CBC mode are
not affected.

This plugin tries to establish an SSL/TLS remote connection using an
affected SSL version and cipher suite and then solicits return data.
If returned application data is not fragmented with an empty or
one-byte record, it is likely vulnerable.

OpenSSL uses empty fragments as a countermeasure unless the
'SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS' option is specified when OpenSSL
is initialized.

Microsoft implemented one-byte fragments as a countermeasure, and the
setting can be controlled via the registry key
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\SecurityProviders\SCHANNEL\SendExtraRecord.

Therefore, if multiple applications use the same SSL/TLS
implementation, some may be vulnerable while others may not be,
depending on whether or not a countermeasure has been enabled.

Note that this plugin detects the vulnerability in the SSLv3/TLSv1
protocol implemented in the server. It does not detect the BEAST
attack where it exploits the vulnerability at HTTPS client-side
(i.e., Internet browser). The detection at server-side does not
necessarily mean your server is vulnerable to the BEAST attack,
because the attack exploits the vulnerability at the client-side, and
both SSL/TLS clients and servers can independently employ the split
record countermeasure.

See also :

http://www.openssl.org/~bodo/tls-cbc.txt
https://www.imperialviolet.org/2011/09/23/chromeandbeast.html
http://vnhacker.blogspot.com/2011/09/beast.html
https://technet.microsoft.com/library/security/ms12-006
https://support.microsoft.com/en-us/kb/2643584
http://blogs.msdn.com/b/kaushal/archive/2012/01/21/fixing-the-beast.aspx

Solution :

Configure SSL/TLS servers to only use TLS 1.1 or TLS 1.2 if supported.
Configure SSL/TLS servers to only support cipher suites that do not
use block ciphers. Apply patches if available.

Note that additional configuration may be required after the
installation of the MS12-006 security update in order to enable the
split-record countermeasure. See Microsoft KB2643584 for details.

Risk factor :

Medium / CVSS Base Score : 4.3
(CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N)
CVSS Temporal Score : 3.7
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : true

Family: General

Nessus Plugin ID: 58751 ()

Bugtraq ID: 49778

CVE ID: CVE-2011-3389

Ready to Scan Unlimited IPs & Run Compliance Checks?

Upgrade to Nessus Professional today!

Buy Now

Combine the Power of Nessus with the Ease of Cloud

Start your free Nessus Cloud trial now!

Begin Free Trial