U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

Bar Mitzvah attack exploits the Invariance Weakness in RC4

Bar Mitzvah is the name of a new attack on RC4-Based SSL/TLS encryption that allows disclosure of sensitive data by exploiting  a 13-Year-Old Vulnerability. Both Secure Sockets Layer (SSL) and its successor Transport Layer Security (TLS) cryptographic protocols rely on the Rivest Cipher 4 (RC4) algorithm to encrypt data transfers. The problem is that the […]

Bar Mitzvah attack exploits the Invariance Weakness in RC4

Bar Mitzvah is the name of a new attack on RC4-Based SSL/TLS encryption that allows disclosure of sensitive data by exploiting  a 13-Year-Old Vulnerability.

Both Secure Sockets Layer (SSL) and its successor Transport Layer Security (TLS) cryptographic protocols rely on the Rivest Cipher 4 (RC4) algorithm to encrypt data transfers.

The problem is that the RC4 is affected by several security issues, the last discovered in order of time, “Invariance Weakness,” was reported by Imperva that exploited it in an attack dubbed “Bar Mitzvah.”

The Invariance Weakness has been uncovered in the past 13 years, the experts demonstrated that the vulnerability could be exploited for plaintext recovery attacks allowing the attacker to extract partial data from protected communications.

The Bar Mitzvah attack could allow hackers to access a portion of traffic containing sensitive data, card details, and session cookies.

The attack, dubbed “Bar Mitzvah,” is similar to Browser Exploit Against SSL/TLS, aka BEAST attack.

The experts explained that in order to run the Bar Mitzvah, the attackers need to intercept a large number of SSL/TLS connections that use RC4 with the intent to find a weak key. Once discovered the weak key, the attacker can use it to recover partial plain text data.

The experts have estimated that to run an attack, it is necessary a number of attempts of 1 billion to discover a weak key out of every 16 million RC4 keys.

RC4 encryption attack

In order to reduce the complexity of the attack, an attacker can only target the first 100 bytes of protected data. The partial data could be used to improve a brute-force attacks on sensitive information (i.e. session cookies, sensitive data).

“Given that the Invariance Weakness is expressed only in the first 100 bytes of the keystream, it can be used only for the first 100 bytes of the protected upstream traffic and the first 100 bytes of the protected downstream traffic. Given that the first encrypted message in each direction is the SSL Handshake Finished message (36-bytes in typical usage of SSL), about 64 bytes of secret plaintext data are left for the attack.”  states the report published by Imperva titled “Attacking SSL when using RC4: Breaking SSL with a 13-year old RC4 Weakness.” 

The report also detailed another attack mode for the Bar Mitzvah, the Non-Targeted Passive Attack, in which the attacker exploit the Invariance Weakness to eavesdrop the traffic directed to a specific website. The attacker will be able to access one piece of sensitive information every 1 billion connections, but in this attack scenario it is impossible to discriminate the identity of a specific user. A variant of the Non-Targeted Passive Attack could obtain 1 billion connections from a group of victims, for example, launching a man-in-the-middle attack against multiple users through DNS poisoning.

As a countermeasure for the Bar Mitzvah it is suggested to avoid the use of the RC4 algorithm.

Despite the likelihood of being compromised by a Bar Mitzvah attack is low, the experts stress doesn’t underestimate it.

Pierluigi Paganini

(Security Affairs –  Bar Mitzvah,   encryption, RC4)