BEAST Vulnerability?
DANMOH009
Member Posts: 241
Ive been reading up on this for quite some time and i still don't quite understand it, wondering if someone can help.
So far a brief over view is:
BEAST - (Browser Exploit Against SSL/TLS) Vulnerability - Is a exploit which is found in TLS 1.0. Where the injection of plain text packets allows the attacker to decrypt things i.e session IDs hence causing mayhem.
What i don't understand is how (and i think i missing the basics here)? What can an Inject of a plain text packet do to start this decrypt process?
Ive read the post below which helped, but still none the wiser.
Should You Fear the BEAST?
So far a brief over view is:
BEAST - (Browser Exploit Against SSL/TLS) Vulnerability - Is a exploit which is found in TLS 1.0. Where the injection of plain text packets allows the attacker to decrypt things i.e session IDs hence causing mayhem.
What i don't understand is how (and i think i missing the basics here)? What can an Inject of a plain text packet do to start this decrypt process?
Ive read the post below which helped, but still none the wiser.
Should You Fear the BEAST?
Comments
-
Cyanic Member Posts: 289It states in the article that this is a Man-In-The-Middle attack, meaning that you have to position yourself (the attacker) in between the client and the server. ARP poisoning is one way to become a MITM. Once you are positioned you can then manipulate packets and in this case possibly figure out the encryption keys and then read the entire session and possibly do more sophisticated injections into the encrypted stream.
It looks like the plain text is used to figure out a pattern in the return traffic, basically there is a weakness in the implementation of the encryption. After so many iterations of this plain text injection, you can unmask the session keys. -
DANMOH009 Member Posts: 241Hi Cynaic thanks for getting back to me, I don't quite understand you on this though:
Plain text is used to figure out the pattern, I'm wondering how insert a plain text pattern can do this?