BEAST (Browser Exploit Against SSL/TLS) Vulnerability
$250-750 USD
Cancelled
Posted over 11 years ago
$250-750 USD
Paid on delivery
The SSL protocol encrypts data by using CBC mode with chained
initialization vectors. This allows an attacker, which is has gotten
access to an HTTPS session via man-in-the-middle (MITM) attacks
or other means, to obtain plain text HTTP headers via a blockwise
chosen-boundary attack (BCBA) in conjunction with Javascript code
that uses the HTML5 WebSocket API, the Java URLConnection API,
or the Silverlight WebClient API. This vulnerability is more commonly
referred to as Browser Exploit Against SSL/TLS or "BEAST".
Service: Apache-Coyote/1.1
Evidence:
• Cipher Suite: SSLv3 : DHE-RSA-AES128-SHA
• Cipher Suite: SSLv3 : AES128-SHA
• Cipher Suite: SSLv3 : EDH-RSA-DES-CBC3-SHA
• Cipher Suite: SSLv3 : EDH-RSA-DES-CBC-SHA
• Cipher Suite: SSLv3 : EXP-EDH-RSA-DES-CBC-SHA
• Cipher Suite: SSLv3 : DES-CBC3-SHA
• Cipher Suite: SSLv3 : DES-CBC-SHA
Hello,
Working for a hosting company, I've resolved this issue many times. Once I receive access, I should be able to patch up this issue within an hour.