ASG/UTM and BEAST attacks

Does anyone know if Astaro ASG V8 is susceptible to BEAST (Browser Exploit Against SSL/TLS) style attacks? A recent security scan of our site flagged this vulnerability on port 465 of our box, which I think is used by the mail proxy.

From my limited understanding of BEAST, this vulnerability can only be exploited in very restricted circumstances in HTTPS sessions, so this security scan result is most likely a false positive - but does anyone know of a definitive statement of some sort that I could show to my superiors?

If this really is an issue, has it been addressed in UTM9?

Thanks for any light anyone can shine on this.

Ifor


  • I'm fairly sure that if you are on the latest 8.*** build that this is a false positive; you'd be best served to start a support case with Sophos to get the definitive answer.

    CTO, Convergent Information Security Solutions, LLC

    https://www.convergesecurity.com

    Advice given as posted on this forum does not construe a support relationship or other relationship with Convergent Information Security Solutions, LLC or its subsidiaries.  Use the advice given at your own risk.

  • Yes, please let us know what Support tells you.  Since this port is opened by the SMTP Proxy, and the malware works with HTML or Java, I imagine the security scan only saw that the port was open, and that their scan isn't very good.

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • I'm running UTM9 and the test I'm running here (to my Sophos UTM appliance) -www.ssllabs.com/.../

    says that it IS both vulnerable to BEAST and CRIME SSL attacks.
  • I'm starting a case here to get more info on this.

    CTO, Convergent Information Security Solutions, LLC


  • The information that I read on BEAST & CRIME says that the attack relies on stealing a cookie from an active Java or HTML session.  I don't understand how that could happen when talking to the SMTP Proxy.  These tests just aren't doing much beyond checking to see if a port is "alive."  Still, this is mostly an educated guess, so I'm looking forward to the response to Bruce's case.

    Cheers - Bob
     
  • BEAST was demoed as a browser attack (although they said it was more than that) and was made possible through a SOP (Same Origin Policy) bug (e.g. Java bug or Silverlight) and an old TLS 
  • You guys should be seeing a response to this sometime today, possibly tomorrow.  Stay Tuned.

    CTO, Convergent Information Security Solutions, LLC


  • I got a pretty quick response.

    They are looking into ways of mitigating the issue, but no firm release date unfortunately.
  • Any updates to this? Curious how this is working.
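
A scanner's BEAST or CRIME finding on a port such as 465 is derived from the TLS parameters the listener negotiates: BEAST concerns CBC cipher suites under SSL 3.0/TLS 1.0, and CRIME concerns TLS-level compression. The following Python code is an added example, not from this thread or from Sophos; the function names `assess` and `probe` and the sample tuples are constructed for illustration.

```python
import socket
import ssl

# Protocol versions whose CBC mode chains IVs between records (what BEAST needs).
BEAST_PROTOCOLS = {"SSLv3", "TLSv1"}
# OpenSSL cipher-name fragments that mark suites which are not CBC block ciphers.
NON_CBC_MARKERS = ("RC4", "GCM", "CCM", "CHACHA20", "NULL")

# Constructed samples: (protocol version, cipher name, compression method).
SAMPLES = [
    ("TLSv1", "AES128-SHA", None),
    ("TLSv1", "RC4-SHA", None),
    ("TLSv1.2", "ECDHE-RSA-AES128-GCM-SHA256", "zlib compression"),
]


def assess(version, cipher, compression):
    """Return the findings a scanner would raise for one negotiated session."""
    findings = []
    is_cbc = not any(marker in cipher.upper() for marker in NON_CBC_MARKERS)
    if version in BEAST_PROTOCOLS and is_cbc:
        findings.append("BEAST precondition: %s with CBC suite %s" % (version, cipher))
    if compression:
        findings.append("CRIME precondition: TLS compression %s" % compression)
    return findings


def probe(host, port=465, timeout=5.0):
    """Handshake with an implicit-TLS port (SMTPS) and return what was negotiated.

    One handshake shows one protocol/suite pair; a scanner repeats this with
    different client offers to enumerate everything the listener accepts.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False            # inspecting parameters, not authenticating
    ctx.verify_mode = ssl.CERT_NONE
    ctx.minimum_version = ssl.TLSVersion.MINIMUM_SUPPORTED
    ctx.options &= ~ssl.OP_NO_COMPRESSION  # offer compression if the build has it
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            name, _, _ = tls.cipher()
            return tls.version(), name, tls.compression()


if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample, "->", assess(*sample) or "no finding")
```

A current OpenSSL build may refuse to offer TLS 1.0 or compression at all, so an empty result from `probe` on a modern client does not by itself clear the listener; `assess` can also be fed the protocol, suite and compression values reported by another scanner.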