Browser Exploit Against SSL/TLS (BEAST)
Although the BEAST exploit was first discovered in September 2011, more than 60% of organizations and browsers are still vulnerable to this attack. This is due to the fact that most websites and browsers still use vulnerable versions of SSL or TLS: SSL v2.0, SSL v3.0 or TLS 1.0.
The BEAST exploit enables the attacker to perform a man-in-the-middle attack, decrypting and gaining access to authentication tokens. As a result, the attacker is able to access the data transmitted between a browser and web server during a session.