New Attack on RC4-Based SSL/TLS Leverages 13-Year-Old Vulnerability

Researchers at Imperva’s Application Defense Center have found a way to leverage a 13-year-old vulnerability in the RC4 cryptographic algorithm to recover partial information from SSL/TLS-protected communications.


The Secure Sockets Layer (SSL) and the newer Transport Layer Security (TLS) cryptographic protocols are designed to provide authentication and secure communications. The protocols often leverage Rivest Cipher 4 (RC4), the most commonly used stream cipher, for protecting traffic.

However, over the years, experts have uncovered several flaws in RC4. Some of these issues made numerous headlines, but the vulnerability leveraged by Imperva in its attacks, dubbed the “Invariance Weakness,” has remained in the shadows for the past 13 years, according to researchers.

Building on previous research, Imperva has managed to exploit the vulnerability for plaintext recovery attacks in which an attacker can extract partial data from protected communications, including payment card details, passwords, and session cookies. The attack, dubbed “Bar Mitzvah,” is similar to BEAST (Browser Exploit Against SSL/TLS), but it’s considered more stable.

In an attack scenario described by experts, the attacker intercepts a large number of SSL/TLS connections that use RC4, and waits until a weak key is found. The weak key can then be used to recover partial plaintext data. Researchers have determined that one out of every 16 million RC4 keys is weak, and the number of attempts required to mount an attack is estimated to be 1 billion.

A malicious actor can only target the first 100 bytes of protected data. However, even partial data can be useful since it can facilitate brute-force attacks on sensitive information such as session cookies, passwords and credit card numbers, Imperva said.

In the non-targeted, passive version of the Bar Mitzvah attack, the attacker eavesdrops on the inbound traffic to a popular Web application. For every 1 billion connections, he can obtain one piece of sensitive information. However, in this scenario, the collected data belongs to random users and there is no way for the attacker to determine their identity.

An alternative attack scenario involves obtaining the 1 billion connections from a group of victims. This can be achieved by launching a man-in-the-middle attack against multiple users through DNS poisoning or a malicious hotspot.


“The security of RC4 has been questionable for many years, in particular its initialization mechanisms. However, only in recent years has this understanding begun translating into a call to retire RC4,” Imperva researchers wrote in their paper.

The chances of someone’s data getting compromised as a result of such an attack are small, but Imperva believes this vector should not be neglected. That is why the security firm advises administrators to disable RC4 in their apps’ configuration if possible. Users are advised to disable RC4 in their browsers, while browser vendors are urged to consider removing RC4 from their cipher lists. Microsoft, Mozilla and other organizations offer the same advice.

The complete Hacker Intelligence Initiative report from Imperva, titled “Attacking SSL when using RC4: Breaking SSL with a 13-year old RC4 Weakness,” is available online.

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
