Unlock Exclusive Benefits
Join Our Community Today!
Join our Community and post in the forum to earn your exclusive badge; celebrating 3 years of the Fortinet Community!
LOGIN/REGISTER
CONTINUE AS A GUEST
- Forums
- Knowledge Base
- Customer Service
- Internal Article Nominations
- FortiGate
- FortiClient
- FortiAP
- FortiAnalyzer
- FortiADC
- FortiAuthenticator
- FortiBridge
- FortiCache
- FortiCarrier
- FortiCASB
- FortiConnect
- FortiConverter
- FortiCNP
- FortiDAST
- FortiDDoS
- FortiDB
- FortiDNS
- FortiDLP
- FortiDevSec
- FortiDeceptor
- FortiDirector
- FortiEDR
- FortiExtender
- FortiGate Cloud
- FortiHypervisor
- FortiGuard
- FortiInsight
- FortiIsolator
- FortiMail
- FortiMonitor
- FortiManager
- FortiNAC
- FortiNAC-F
- FortiNDR (on-premise)
- FortiNDRCloud
- FortiPAM
- FortiPhish
- FortiPortal
- FortiProxy
- FortiRecon
- FortiRecorder
- FortiSRA
- FortiSandbox
- FortiSASE
- FortiScan
- FortiSIEM
- FortiSOAR
- FortiSwitch
- FortiTester
- FortiToken
- FortiVoice
- FortiWAN
- FortiWeb
- FortiWebCloud
- Lacework
- Wireless Controller
- RMA Information and Announcements
- FortiCloud Products
- ZTNA
- 4D Documents
- Customer Service
- Community Groups
- Blogs
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
- Fortinet Community
- Knowledge Base
- FortiGate
- Technical Explanation: The BEAST attack
Options
- Subscribe to RSS Feed
- Mark as New
- Mark as Read
- Bookmark
- Subscribe
- Printer Friendly Page
- Report Inappropriate Content
Description
Solution
The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HTTP headers via a blockwise chosen-boundary attack (BCBA) on an HTTPS session, in conjunction with JavaScript code that uses (1) the HTML5 WebSocket API, (2) the Java URLConnection API, or (3) the Silverlight WebClient API, also known as the "BEAST" (Browser Exploit Against SSL/TLS) attack.
The BEAST attack is only applicable to TLS 1.0 with cipher suites using CBC mode. TLS 1.1, TLS 1.2, and all cipher suites that do not use CBC mode are not affected (for example, RC4 128).
The problem is essentially a client side issue, and all major web browsers (Firefox, Chrome, MSIE) have updated versions available for download, which fix this issue. However, even though it's a client side problem, the FortiOS firmware version 4.0 MR3 Patch 3 and higher, and the FortiOS firmware 5.0 has a counter measure for this attack (by using a method of sending empty fragments), if CBC cipher suites are used. Despite this counter measure, several customers using FortiOS firmware 4.0 MR3 Patch 3 and higher, and FortiOS version 5.0, have reported PCI audit failure, as the audit software indicated that a FortiGate unit, running these firmware versions, was detected as vulnerable to the BEAST attack.
If a FortiGate unit running FortiOS 4.0 MR3 Patch 3 and higher, or FortiOS 5.0 is detected to be vulnerable to the BEAST attack by a PCI audit software, it's almost certainly a false positive. The PCI scan probably simply checks, if the server will respond to SSL 3.0 or TLS 1.0. This test however is only sufficient to determine if a device might be vulnerable, but can not confirm with certainty, if the device is vulnerable. To identify, if the particular machine is really vulnerable to the BEAST attack, the PCI scan must check for empty fragments. If it can detect them, then the machine being tested is not vulnerable, if it does not detect them, then the machine is vulnerable.
The BEAST attack is only applicable to TLS 1.0 with cipher suites using CBC mode. TLS 1.1, TLS 1.2, and all cipher suites that do not use CBC mode are not affected (for example, RC4 128).
The problem is essentially a client side issue, and all major web browsers (Firefox, Chrome, MSIE) have updated versions available for download, which fix this issue. However, even though it's a client side problem, the FortiOS firmware version 4.0 MR3 Patch 3 and higher, and the FortiOS firmware 5.0 has a counter measure for this attack (by using a method of sending empty fragments), if CBC cipher suites are used. Despite this counter measure, several customers using FortiOS firmware 4.0 MR3 Patch 3 and higher, and FortiOS version 5.0, have reported PCI audit failure, as the audit software indicated that a FortiGate unit, running these firmware versions, was detected as vulnerable to the BEAST attack.
If a FortiGate unit running FortiOS 4.0 MR3 Patch 3 and higher, or FortiOS 5.0 is detected to be vulnerable to the BEAST attack by a PCI audit software, it's almost certainly a false positive. The PCI scan probably simply checks, if the server will respond to SSL 3.0 or TLS 1.0. This test however is only sufficient to determine if a device might be vulnerable, but can not confirm with certainty, if the device is vulnerable. To identify, if the particular machine is really vulnerable to the BEAST attack, the PCI scan must check for empty fragments. If it can detect them, then the machine being tested is not vulnerable, if it does not detect them, then the machine is vulnerable.
FortiOS firmware version 4.0 MR3 Patch 3 and higher, and FortiOS version 5.0, uses empty fragments to protect from the BEAST attack.
Solution
On the technical side, there are following possibilities of the resolution:
1) Force RC4 128: As an alternative, force the use of RC4 (i.e. disable 3DES and AES) will also protect against this weakness. This could be seen as a work-around.
2) Using TLS 1.1/1.2: However, please note, that TLS 1.1 / TLS 1.2 are not in widespread adoption, and not all browsers might support them.
3) The most important corrective action to be done, is to patch the client (upgrade web browsers on user PCs).
What can be done on the FortiGate unit:
- running FortiOS firmware version 4.0 MR3:
Upgrade to MR3 Patch 3 or higher. From version 4.0 MR3 Patch3, FortiOS is sending empty fragments as counter measure to the BEAST attack. PCI audit alarms are false positives from this version above.
- running FortiOS firmware version 5.0:
1) Force RC4 128: As an alternative, force the use of RC4 (i.e. disable 3DES and AES) will also protect against this weakness. This could be seen as a work-around.
2) Using TLS 1.1/1.2: However, please note, that TLS 1.1 / TLS 1.2 are not in widespread adoption, and not all browsers might support them.
3) The most important corrective action to be done, is to patch the client (upgrade web browsers on user PCs).
What can be done on the FortiGate unit:
- running FortiOS firmware version 4.0 MR3:
Upgrade to MR3 Patch 3 or higher. From version 4.0 MR3 Patch3, FortiOS is sending empty fragments as counter measure to the BEAST attack. PCI audit alarms are false positives from this version above.
- running FortiOS firmware version 5.0:
In FortiOS version 5.0, TLS 1.0 can be completely disabled. Following facts demonstrate, however, that instead, as a preferred solution, the client side should be patched (web browsers upgraded), rather than disabling the TLS 1.0 on the firewall:
- Some older version of Internet Explorer do not support TLS 1.1.
- Default settings on MSIE 9 and MSIE 10 do not support TLS 1.1 or 1.2.
To disable the TLS 1.0 for the SSL VPN portal, the following CLI commands can be used:
conf vpn ssl settings
set tlsv1-0 disable
end
- Some older version of Internet Explorer do not support TLS 1.1.
- Default settings on MSIE 9 and MSIE 10 do not support TLS 1.1 or 1.2.
To disable the TLS 1.0 for the SSL VPN portal, the following CLI commands can be used:
conf vpn ssl settings
set tlsv1-0 disable
end
Labels:
Broad. Integrated. Automated.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Security Research
Company
News & Articles
Copyright 2024 Fortinet, Inc. All Rights Reserved.