The Browser Exploit Against SSL/TLS attack was published in September 2011 and affects SSL 3.0 and TLS 1.0. An attacker can “decrypt” data exchanged between two parties by taking advantage of a vulnerability in the implementation of the Cipher Block Chaining (CBC) mode in TLS 1.0 which allows them to perform chosen plaintext attack.

As the name implies, this attack is performed client-side (browser) using the Man-in-The-Middle technique. Using MiTM, an attacker can inject packets into the TLS stream. This allows an attacker to guess the Initialization Vector used in XORing with the message they injected, and then simply compare the results to the ones of the block they want to “decrypt”.

It’s worth noting that for the BEAST attack to succeed, an attacker must have reasonable control of the victim’s browser, in which case is more probable that an easier attack vector is chosen.

Prevention

Use TLS 1.1 or TLS 1.2