This article discusses the exposure of SecureAuth IdP Appliances to the BEAST vulnerability as described in CVE-2011-3389.
The vulnerability is caused by a design flaw in the SSL and TLS protocols when Cipher-block chaining (CBC) mode of operation is used
What might an attacker use the vulnerability to do?
An attacker monitoring an encrypted communication who successfully exploited this vulnerability could decrypt the intercepted encrypted traffic.
How could an attacker exploit the vulnerability?
An attacker could inject malicious code in an HTTP response or host a specially crafted website containing malicious code, forcing the browser to execute this malicious code. This code sends several requests, inside the same TLS / SSL session, to a third party HTTPS website, where cookies are sent automatically if a previous authenticated session exists. This is a required condition in order to exploit this vulnerability. The attacker needs to be able to intercept this HTTPS traffic in order to exploit this vulnerability in SSL, resulting in the possibility to decrypt portions of the encrypted traffic (for example, authentication cookies).
Which systems are primarily at risk from the vulnerability?
Since the browser is the primary attack vector, any systems – such as workstations or terminal servers that send and receive HTTPS traffic – are at the most risk from this vulnerability.
Step 2 should be considered and applied on client browsers via a Group Policy or manual cipher priority reconfiguration along with the application of the latest updates from the Windows update site.
Microsoft has released a patch MS12-006 addressing the vulnerability in protocols TLS 1.0 & SSL 3.0. Some third party application issues have been reported after the application of this patch, but there have been no issues reported with SecureAuth IdP at the time of this writing.
See KB2643584 for more information
What is BEAST?
Short for Browser Exploit Against SSL/TLS, BEAST is a browser exploit against SSL/TLS that was revealed in late September 2011. This attack leverages weaknesses in cipher block chaining (CBC) to exploit the Secure Sockets Layer (SSL) / Transport Layer Security (TLS) protocol. The CBC vulnerability can enable man-in-the-middle (MITM) attacks against SSL in order to silently decrypt and obtain authentication tokens, thereby providing hackers access to data passed between a Web server and the Web browser accessing the server.
Are SecureAuth IdP Appliances impacted?
SecureAuth IdP Appliances use the Microsoft Windows Server operating system which is impacted by the BEAST vulnerability. The vulnerability affects the protocol itself and is not specific to the Windows operating system or SecureAuth IdP. See the Mitigation section below for ways to address this vulnerability.
Refer to Microsoft Knowledge Base Article 2588513 to use the automated Microsoft Fix it solution to enable or disable this workaround for TLS 1.1
|Web clients (Chrome, Firefox and Safari) do not provide support for TLS 1.1 and TLS 1.2, and therefore can perform the SSL negotiation with lower SSL / TLS versions|
Item 1 - Enable RC4 128/128
SecureAuth IdP's current build allows ciphers RC4 128/128, AES 128+, 3DES 168/168. However, some older versions of the SecureAuth appliance operating systems may have disabled RC4 128/128.
In this scenario, enable RC4 128/128 by applying the following as a .reg file or via the preferred method:
A. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC4 128/128]
Item 2 - Reset SChannel settings to SecureAuth IdP default settings
Attached to this document is the default SChannel lockdown reg file with a .txt extension.
By reviewing this reg file – Schannel_lockdown_Default.reg.txt – all SChannel settings will be reset to SecureAuth IdP defaults.
Item 3 - Compatibility issues
If compatibility issues occur after executing the steps under Item 1, disable the patch by editing the registry:
A. Click Start, then Run, type regedit in the Open box, and then click OK
B. Locate and then click the following subkey in the registry: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\SecurityProviders\SCHANNEL
C. On the Edit menu, point to New, and then click DWORD Value
D. Type SendExtraRecord as the name of the DWORD, and then press ENTER
E. Right-click SendExtraRecord, and then click Modify
F. In the Value data box, type 2 to disable the split record in SChannel, and then click OK
G. Exit Registry Editor
Operating System Mitigation
Ensure the SecureAuth IdP Appliance is fully patched with the latest Microsoft Windows Server updates.
Web Browser Mitigation
Ensure end-users are running a modern and fully patched Web browser that includes protection against the BEAST attack. Major browser vendors have added workarounds to mitigate the attack since BEAST is primarily an attack against Web browsers.
TLS 1.0 Disablement
Disable TLS 1.0 and have users connect using TLS 1.1 or TLS 1.2 protocols which are immune to the BEAST attack. TLS 1.0 is now considered insecure and disabling the protocol improves the overall security of the SecureAuth IdP Appliance.
|UI Text Box|
Before disabling the TLS 1.0 protocol, SecureAuth recommends auditing the network for legacy devices that require the protocol for operation. If there is a device reliant upon the TLS 1.0 protocol and it is disabled, that device will no longer be able to communicate with the Appliance. To disable the protocol, SecureAuth recommends using the SecureAuth Crypto Tool which automates the process.
|UI Text Box|
SecureAuth IdP Appliances ship with SSL 3.0 disabled as the protocol is now considered insecure. If this protocol is currently enabled for compatibility with legacy applications, it must be disabled along with TLS 1.0 to fully mitigate the BEAST attack.
As with procedures recommended for TLS 1.0, an audit of the network should be conducted before disabling the SSL 3.0 protocol.
|UI Text Box|
When the BEAST vulnerability was first discovered it was commonly suggested that administrators emphasize RC4 ciphers over CBC to mitigate the vulnerability. However, in the intervening years, multiple issues have been discovered with RC4 which makes it a larger security risk than BEAST. SecureAuth advises against using RC4 ciphers to mitigate BEAST at this time.