Bar Mitzvah attack does not require MitM position

Mar 26, 2015 15:19 GMT

A security flaw in the RC4 encryption algorithm dating back 13 years can be exploited by an attacker to discover data protected by the SSL (Secure Sockets Layer) protocol in secure sessions.

Dubbed the “Bar-Mitzvah” attack, a suitable name given the age of the vulnerability, it is said that it can be carried out without interposing between the client and the server (man-in-the-middle), a position that most encrypted data interceptions require.

Itsik Mantin, security researcher at Imperva, presented his findings about the vulnerability, as well as the possibilities of attack, on Thursday at the Black Hat Asia security conference in Singapore.

RC4 is still widely deployed, despite being flawed

RC4 is widely used for data encryption by the SSL and TLS secure communication protocols due to its simplicity and speed. It was once considered among the best choices for securing information, but it has been known for a long time that the algorithm is weak on newer systems.

The general recommendation is to disable RC4 altogether, with CDN (content delivery network) CloudFlare having already disabled support for this cipher on its infrastructure. Microsoft also started to offer the possibility to disable this encryption option on a large number of its products.

However, despite previous attacks proving RC4’s weakness (BEAST, CRIME), and more recent ones, there are still plenty of websites relying on RC4 (a scan from SSL Pulse on 150,000 sites in February 2015 showed that 74.5% of them still worked with this cipher).

TLS is also impacted, to some extent

In the abstract of his presentation, Mantin states that the Bar Mitzvah attack can leverage the old vulnerability in RC4 to mount a partial plaintext recovery attack on information secured through SSL.

He says that the attack “is not limited to recovery of temporal session tokens, but can be used to steal parts of permanent secret data such as account credentials when delivered as POST parameters.”

Aside from this, passive eavesdropping on SSL sessions can be carried out in order to extract the seemingly secure data; this means that an active man-in-the-middle (MitM) is not necessary for the success of the operation.

It appears that a variation of the Bar Mitzvah attack allows retrieval, with a certain probability, of parts of a secret that was sent only once over a TLS connection.