Hypertext Transfer Protocol Secure (HTTPS) is used by millions of websites to secure the communications with their visitors. Secure Sockets Layer (SSL) and Transport Layer Security (TLS) encryption protocol is used to provide encrypted communication and secure identification. HTTPS is the combination of Hypertext Transfer Protocol (HTTP) with the SSL/TLS protocol. Security researchers found that HTTPS is vulnerable for decryption by attackers.

There are many companies that rely on that encryption and this vulnerability will probably cause many problems. Such companies are banks, online shops and any company that has sensitive data that is passed and given through web browsers. Security researches Juliano Rizzo and Thai Duong, after finding about the vulnerability, they have developed a tool (called BEAST) that exploits that vulnerability and it is cable to decrypt and obtain the authentication tokens and cookies used in many HTTPS requests.

The researches said that not all websites are vulnerable but the ones that use SSL version 3 and TLS version 1.0 and earlier. There is a newer version of TLS which is not vulnerable to the specific attack but many sites are using older versions. If you have a website that is using the TLS version 1.0 then don’t wait until your sensitive data is leaked and use the new version on TLS.

HTTPS is Vulnerable to Crypto Attack