Documentation

 

 

Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

SecureAuth has determined from a vulnerability scan that the SecureAuth IdP Appliance could be susceptible to the BEAST vulnerability

The vulnerability addressed here is the SSL / TLS Information Disclosure Vulnerability: 
Panel
borderColor#000000
bgColorwhite
titleColorwhite
titleBGColor#000000
borderStylesolid
titleSymptom
Overview

This article discusses the exposure of SecureAuth IdP Appliances to the BEAST vulnerability as described in CVE-2011-3389.

Panel
borderColor#135570#444544
bgColorwhite
titleColorwhite
borderWidth1
titleBGColor#135570#444544
borderStylesolid
titleCause

The vulnerability is caused by a design flaw in the SSL and TLS protocols when Cipher-block chaining (CBC) mode of operation is used

Info

Refer to: MS Security Advisory 2588513

What might an attacker use the vulnerability to do?  

An attacker monitoring an encrypted communication who successfully exploited this vulnerability could decrypt the intercepted encrypted traffic.

How could an attacker exploit the vulnerability?

An attacker could inject malicious code in an HTTP response or host a specially crafted website containing malicious code, forcing the browser to execute this malicious code. This code sends several requests, inside the same TLS / SSL session, to a third party HTTPS website, where cookies are sent automatically if a previous authenticated session exists. This is a required condition in order to exploit this vulnerability. The attacker needs to be able to intercept this HTTPS traffic in order to exploit this vulnerability in SSL, resulting in the possibility to decrypt portions of the encrypted traffic (for example, authentication cookies).

Which systems are primarily at risk from the vulnerability?

Since the browser is the primary attack vector, any systems – such as workstations or terminal servers that send and receive HTTPS traffic – are at the most risk from this vulnerability.

Panel
borderColor#116490Applies to
SecureAuth IdP VersionOS Version
7.x+
  • Windows Server 2008
  • Windows Server 2008 R2
  • Windows Server 2012
  • Windows Server 2012 R2
#007fb2

Mitigation

Apply the MS Patch as defined in Step 1 to mitigate the vulnerability.

SecureAuth recommends applying the workaround on the SecureAuth IdP appliance defined in Step 2.

Panel
Panel
borderColor
borderColor#145570
bgColorwhite
titleColorwhite
borderWidth1
titleBGColor#116490#145570
borderStylesolid
titleResolution
Info

Step 2 should be considered and applied on client browsers via a Group Policy or manual cipher priority reconfiguration along with the application of the latest updates from the Windows update site.

Panel
borderColor#007fb2
bgColorwhite
titleColorwhite
titleBGColor#007fb2
titleStep 1

Microsoft has released a patch MS12-006 addressing the vulnerability in protocols TLS 1.0 & SSL 3.0. Some third party application issues have been reported after the application of this patch, but there have been no issues reported with SecureAuth IdP at the time of this writing.

See KB2643584 for more information

Info

What does the Microsoft update do? 
The update modifies the way that the Windows Secure Channel (SChannel) component sends and receives encrypted network packets. This addresses the vulnerability affecting WinHTTP and provides the possibility to enable the protection system-wide. However, in order to be protected from the web-based attack vector through Internet Explorer for this vulnerability, customers must install both this update, MS12-006, and the Cumulative Security Update for Internet Explorer (2618444), MS11-099.

Discussion

What is BEAST?

Short for Browser Exploit Against SSL/TLS, BEAST is a browser exploit against SSL/TLS that was revealed in late September 2011. This attack leverages weaknesses in cipher block chaining (CBC) to exploit the Secure Sockets Layer (SSL) / Transport Layer Security (TLS) protocol. The CBC vulnerability can enable man-in-the-middle (MITM) attacks against SSL in order to silently decrypt and obtain authentication tokens, thereby providing hackers access to data passed between a Web server and the Web browser accessing the server.

Are SecureAuth IdP Appliances impacted?

SecureAuth IdP Appliances use the Microsoft Windows Server operating system which is impacted by the BEAST vulnerability. The vulnerability affects the protocol itself and is not specific to the Windows operating system or SecureAuth IdP. See the Mitigation section below for ways to address this vulnerability.

#007fb2

Make the following changes to the SecureAuth IdP Appliance or other workstation:

A. Prioritize the RC4 cipher suites rather than CB. RC4 is a stream cipher, since the attack is effective against CBC based Ciphers. 

1. Go to Start, click Run and type “gpedit.msc

2. Go to Local Computer Policy > Administrative Templates > Network > SSL Configuration Settings

3. Move “TLS_RSA_WITH_RC4_128_SHA” to the top of the priority list; the UI suggests how to modify the settings
 

How to modify this setting
a. Open a blank Notepad document
b. Copy and paste the list of available suites into it
c. Arrange the suites in the correct order; remove any suites that will not be used
d. Place a comma at the end of every suite name except the last; ensure there are NO embedded spaces
e. Remove all the line breaks so that the cipher suite names are on a single, long line
f. Copy the cipher-suite line to the clipboard, and then paste it into the edit box; the maximum length is 1023 characters
B. Enable TLS 1.1 and / or TLS 1.2 on servers running Windows 7 or Windows Server 2008 R2 if not already enabled. See Additional Information item 2 below.
 
Panel
borderColor#126591
bgColorwhite
titleColorwhite
borderWidth1
titleBGColor
#126591
borderStylesolid
title
Step 2
Info

Refer to Microsoft Knowledge Base Article 2588513 to use the automated Microsoft Fix it solution to enable or disable this workaround for TLS 1.1

Warning
Web clients (Chrome, Firefox and Safari) do not provide support for TLS 1.1 and TLS 1.2, and therefore can perform the SSL negotiation with lower SSL / TLS versions
Panel
borderColor#007fb2
bgColorwhite
titleColorwhite
titleBGColor#007fb2
titleAdditional Information

Item 1 - Enable RC4 128/128

SecureAuth IdP's current build allows ciphers RC4 128/128, AES 128+, 3DES 168/168. However, some older versions of the SecureAuth appliance operating systems may have disabled RC4 128/128.

In this scenario, enable RC4 128/128 by applying the following as a .reg file or via the preferred method:

A. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC4 128/128] 

B. "Enabled"=dword:ffffffff

Item 2 - Reset SChannel settings to SecureAuth IdP default settings

Attached to this document is the default SChannel lockdown reg file with a .txt extension.

By reviewing this reg file – Schannel_lockdown_Default.reg.txtall SChannel settings will be reset to SecureAuth IdP defaults.

Item 3 - Compatibility issues

If compatibility issues occur after executing the steps under Item 1, disable the patch by editing the registry:

A. Click Start, then Run, type regedit in the Open box, and then click OK

B. Locate and then click the following subkey in the registry: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\SecurityProviders\SCHANNEL

C. On the Edit menu, point to New, and then click DWORD Value

D. Type SendExtraRecord as the name of the DWORD, and then press ENTER

E. Right-click SendExtraRecord, and then click Modify

F. In the Value data box, type 2 to disable the split record in SChannel, and then click OK

G. Exit Registry Editor

 

WarningThe above registry key disables the patch applied on the server, and the server is exposed to the vulnerability again. In this situation, disable all CBC based ciphers and prioritize RC4 based ciphers
Mitigation

Operating System Mitigation

Ensure the SecureAuth IdP Appliance is fully patched with the latest Microsoft Windows Server updates.

Web Browser Mitigation

Ensure end-users are running a modern and fully patched Web browser that includes protection against the BEAST attack. Major browser vendors have added workarounds to mitigate the attack since BEAST is primarily an attack against Web browsers.

TLS 1.0 Disablement

Disable TLS 1.0 and have users connect using TLS 1.1 or TLS 1.2 protocols which are immune to the BEAST attack. TLS 1.0 is now considered insecure and disabling the protocol improves the overall security of the SecureAuth IdP Appliance.

UI Text Box
typenote

Before disabling the TLS 1.0 protocol, SecureAuth recommends auditing the network for legacy devices that require the protocol for operation. If there is a device reliant upon the TLS 1.0 protocol and it is disabled, that device will no longer be able to communicate with the Appliance. To disable the protocol, SecureAuth recommends using the SecureAuth Crypto Tool which automates the process.

UI Text Box
titleSSL 3.0
typenote

SecureAuth IdP Appliances ship with SSL 3.0 disabled as the protocol is now considered insecure. If this protocol is currently enabled for compatibility with legacy applications, it must be disabled along with TLS 1.0 to fully mitigate the BEAST attack.

As with procedures recommended for TLS 1.0, an audit of the network should be conducted before disabling the SSL 3.0 protocol.

UI Text Box
titleRC4 Ciphers
typeinfo

When the BEAST vulnerability was first discovered it was commonly suggested that administrators emphasize RC4 ciphers over CBC to mitigate the vulnerability. However, in the intervening years, multiple issues have been discovered with RC4 which makes it a larger security risk than BEAST. SecureAuth advises against using RC4 ciphers to mitigate BEAST at this time.