Forum Discussion
New web attack on SSL/TLS using BEAST
In the link below, the POC mentioned injecting the js thru use of an iframe ad or just loading the BEAST js into browser, thereafter comes the second stage of sniffing and decrypting https cookie to hijack the secure session. Seems like CSRF but not really since it is claimed to decrypt cookie prior to all this. Hope that I did not misunderstood the process.
http://threatpost.com/en_us/blogs/n...ies-091611
It reminds of the SSL renegotiation saga which the initial response was to disable such protocol exchange since it s the protocol design issue. For this BEAST attack, before they say the crypto is flawed, I doubt we can even say to go ahead and disable use of SSL/TLS 1.0.
Hence, looking ahead (before the POC is released, if it is) will F5 ASM be using a signature detection approach or better still has an iRule to prevent its hijacking (code injection) from even happening?
Thanks
Bernard
- sec_netizen74_8NimbostratusTLS 1.2 does not exhibit this vulnerability. Are there any plans for BIG-IP SSL profiles to support TLS 1.2?
- BT_90520NimbostratusUnderstand that BIG-IP v11 should already support TLS 1.2 - try out "tmm --serverciphers 'DEFAULT'" to see.
- BAMcHenryRet. EmployeeMitigating the initial attack vector, which is a combination of XSS and CSRF is the best bet. BIG-IP v11 does support TLS1.2. However, I do not think that FireFox, Safari, or Chrome support TLS 1.2 yet. And on Windows, only Vista/7 with IE8+ support TLS 1.2. So, there's a very large portion of the Internet population unable to access any site that moved forward with enforcing TLS1.2-only right now.
- BT_90520NimbostratusThanks Brian. Also saw that the release note of v11 has stated the support of the TLS1.2
- BT_90520NimbostratusSorry I suppose it is LTM instead of ASM.
- JRahmAdminnon-CBC ciphers are not vulnerable, so you can mitigate by updating your SSL profiles to eliminate CBC and use something like RC4-sha (widely supported).
- BT_90520NimbostratusThought this link may help as it can specify which cipher to reject handshake. But in term of client connection, if ther is no common cipher suite the ssl handshake will fail meaning the client will get from bigip a tcp reset. applies to new connections. Suggest you check out v11 to captialise the tls1.2 crypto. Understand v10.2.3 also supports it. http://support.f5.com/kb/en-us/solutions/public/7000/800/sol7815.html
- jwham20Nimbostratus@orinzo
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com