New Attack on RC4-Based SSL/TLS Leverages 13-Year-Old Vulnerability

Researchers at Imperva’s Application Defense Center have found a way to leverage a 13-year-old vulnerability in the RC4 cryptographic algorithm to recover partial information from SSL/TLS-protected communications.

The Secure Sockets Layer (SSL) protocol and its successor, Transport Layer Security (TLS), are designed to provide authentication and confidentiality for network traffic. Both can negotiate Rivest Cipher 4 (RC4), the most widely deployed stream cipher, to encrypt the protected data.

However, experts have uncovered several flaws in RC4 over the years. Some of them made headlines, but the one Imperva leverages in its attack, the “Invariance Weakness” first described in 2001 by Fluhrer, Mantin and Shamir, has received little attention in the 13 years since, according to the researchers.

Building on previous research, Imperva has managed to exploit the vulnerability for plaintext recovery attacks in which an attacker can extract partial data from protected communications, including payment card details, passwords, and session cookies. The attack, dubbed “Bar Mitzvah,” is similar to BEAST (Browser Exploit Against SSL/TLS), but it’s considered more stable.

In the attack scenario described by the researchers, the attacker intercepts a large number of SSL/TLS connections that negotiate RC4 and waits for one whose session key happens to be weak. A weak key produces a keystream whose low-order bits follow a predictable pattern, which can then be used to recover partial plaintext from that connection. The researchers determined that one of every 16 million RC4 keys (roughly one in 2^24) is weak, and they estimate that about 1 billion connections are needed to mount an attack.

The leaked information is confined to the first 100 bytes of the protected data, where the weak-key pattern still holds. Even so, partial plaintext is useful: knowing some of the bits of a session cookie, password or credit card number shrinks the space an attacker has to brute-force, Imperva noted.
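The weak-key mechanism described above, as an added example written for this page (it is not Imperva's code and does not reproduce the paper's exact weak-key definition): a plain RC4 implementation, a weak-key generator built on a sufficient condition derived for this example (K[0] = 1, K[1] = 0, K[i] ≡ 1 − i mod 2^q for the other bytes, key length a multiple of 2^q; this class is narrower than the one the paper counts at one in 2^24), a check that such a key schedule preserves the low bits of the RC4 permutation, a measurement of how predictable the low bit of the first keystream bytes becomes compared with random keys, and the step that turns predicted keystream bits into leaked plaintext bits. The seed, the 16-byte key length and the sample sizes are arbitrary choices.

```python
# Added example for this page: RC4 KSA/PRGA and a demonstration of the
# "invariance weakness" on an assumed class of weak keys. Not Imperva's code;
# the weak-key condition below is a sufficient condition derived here, not the
# paper's weak-key class or its 1-in-2^24 density.
import random


def ksa(key: bytes) -> list:
    """RC4 key-scheduling algorithm: expand the key into a 256-entry permutation."""
    S = list(range(256))
    j = 0
    for i in range(256):
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    return S


def prga(S: list, n: int) -> bytes:
    """RC4 pseudo-random generation algorithm: n keystream bytes from permutation S."""
    S = S[:]  # work on a copy so the caller's permutation survives
    i = j = 0
    out = bytearray()
    for _ in range(n):
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(S[(S[i] + S[j]) & 0xFF])
    return bytes(out)


def rc4(key: bytes, data: bytes) -> bytes:
    """Encrypt or decrypt (the cipher is symmetric): XOR data with the keystream."""
    return bytes(a ^ b for a, b in zip(data, prga(ksa(key), len(data))))


def weak_key(q: int, rng: random.Random, length: int = 16) -> bytes:
    """Assumed weak-key class for this example: K[0] = 1, K[1] = 0 and
    K[i] = 1 - i (mod 2^q) for the remaining bytes, key length a multiple of
    2^q, high bits random. With such a key every KSA step i >= 2 has
    j = i (mod 2^q), so each swap exchanges values with equal low bits and the
    permutation keeps S[x] = x (mod 2^q) everywhere except the two positions
    disturbed by step 0."""
    assert length % (1 << q) == 0
    mask = (1 << q) - 1
    key = [1, 0]
    for i in range(2, length):
        key.append((rng.getrandbits(8) & ~mask & 0xFF) | ((1 - i) & mask))
    return bytes(key)


def conserving_positions(S: list, q: int) -> int:
    """Number of positions x with S[x] = x (mod 2^q) after the KSA (256 = fully preserved)."""
    mask = (1 << q) - 1
    return sum(1 for x in range(256) if S[x] & mask == x & mask)


def lsb_bias(key_gen, q: int, nkeys: int, nbytes: int) -> list:
    """For each keystream position r < nbytes: the most frequent value of the low
    q bits over nkeys keys, and the fraction of keys that produced it
    (0.5 for q = 1 means no bias; near 1.0 means the bits are predictable)."""
    mask = (1 << q) - 1
    counts = [[0] * (1 << q) for _ in range(nbytes)]
    for _ in range(nkeys):
        for r, b in enumerate(prga(ksa(key_gen()), nbytes)):
            counts[r][b & mask] += 1
    return [(counts[r].index(max(counts[r])), max(counts[r]) / nkeys) for r in range(nbytes)]


def recover_low_bits(ciphertext: bytes, keystream_low_bits: list, q: int) -> list:
    """Plaintext low bits = ciphertext low bits XOR predicted keystream low bits.
    Fed with a prediction from lsb_bias() this is only as reliable as the bias;
    it is the step that converts leaked keystream bits into leaked plaintext bits."""
    mask = (1 << q) - 1
    return [(c ^ k) & mask for c, k in zip(ciphertext, keystream_low_bits)]


def run_demo(seed: int = 2015, q: int = 1, nkeys: int = 1000, nbytes: int = 8) -> dict:
    """Compare weak and random 16-byte keys (seeded, so the run is repeatable)."""
    rng = random.Random(seed)
    random_key = lambda: bytes(rng.getrandbits(8) for _ in range(16))
    return {
        "weak_conserving": conserving_positions(ksa(weak_key(q, rng)), q),
        "random_conserving": conserving_positions(ksa(random_key()), q),
        "weak_bias": lsb_bias(lambda: weak_key(q, rng), q, nkeys, nbytes),
        "random_bias": lsb_bias(random_key, q, nkeys, nbytes),
    }


if __name__ == "__main__":
    r = run_demo()
    print("conserving positions after KSA: weak key", r["weak_conserving"],
          "/ random key", r["random_conserving"])
    for pos, (w, rnd) in enumerate(zip(r["weak_bias"], r["random_bias"])):
        print(f"keystream byte {pos}: weak keys LSB={w[0]} in {w[1]:.2f} of keys, "
              f"random keys LSB={rnd[0]} in {rnd[1]:.2f} of keys")
```

Run the file directly to print the comparison. With q = 1 a key from the assumed class leaves all but two entries of the permutation with the right low bit, and the first keystream byte is even for the large majority of such keys while random keys sit at about 50 %; the bias is strongest at the start of the keystream and fades as the PRGA's own swaps scramble the low bits, which is why only the first bytes of a connection are exploitable.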

In the non-targeted, passive version of the Bar Mitzvah attack, the attacker eavesdrops on the inbound traffic to a popular Web application. For every 1 billion connections, he can obtain one piece of sensitive information. However, in this scenario, the collected data belongs to random users and there is no way for the attacker to determine their identity.

An alternative attack scenario involves obtaining the 1 billion connections from a group of victims. This can be achieved by launching a man-in-the-middle attack against multiple users through DNS poisoning or a malicious hotspot.

“The security of RC4 has been questionable for many years, in particular its initialization mechanisms. However, only in recent years has this understanding begun translating into a call to retire RC4,” Imperva researchers wrote in their paper.

The chances of someone’s data getting compromised as a result of such an attack are small, but Imperva believes this vector should not be neglected. That is why the security firm advises administrators to disable RC4 in their apps’ configuration if possible. Users are advised to disable RC4 in their browsers, while browser vendors are urged to consider removing RC4 from their cipher lists. Microsoft, Mozilla and other organizations offer the same advice.

The complete Hacker Intelligence Initiative report from Imperva, titled “Attacking SSL when using RC4: Breaking SSL with a 13-year old RC4 Weakness,” is available online.

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
