The Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols are commonly used to provide authentication, encryption, integrity, and non-repudiation services to network application protocols such as HTTP, IMAP, POP3, LDAP, SMTP, and others. Several different versions of the SSL and TLS protocols have been standardized and are in widespread use. These protocols support the use of both block-based and stream-based ciphers. A vulnerability in the way the SSL 3.0 and TLS 1.0 protocols select the initialization vector (IV) when operating in cipher-block chaining (CBC) modes allows an attacker to perform a chosen-plaintext attack on encrypted traffic. This vulnerability has been addressed in the specification for the TLS 1.1 and TLS 1.2 protocols.



While this vulnerability exists in the underlying specification of the affected protocols, a practical attack called BEAST has been demonstrated in the context of a web browser and the use of the HTTPS protocol. Because of the software functionality available to an attacker in this environment, it represents the most likely attack vector and the most significant risk for affected users. An effective BEAST attack appears to require a cross-domain vulnerability that allows the attacker to issue specially crafted HTTPS requests. A blog post by Thái Duong discusses "...a way to bypass the same-origin policy (SOP)..." using a Java applet.