RC4 encryption protocol is vulnerable to certain brute force attacks – Opera Security Advisories

Severity

Low

Description

Weaknesses in the RC4 encryption protocol have been found, allowing an attacker to deduce the plaintext. If the same message is encrypted many millions of times, statistical methods can be used to extract valuable information, such as cookies. Due to the time this amount of requests takes, this is not a practical attack against most users.

Opera’s Response

Opera Software has released Opera 12.15, where safeguards against such attacks have been added. On vulnerable connections, Opera will add some random data, making statistical methods less effective. If a domain makes an unrealistically high number of requests in less than 24 hours, it will be treated as an attack, and Opera will block that domain for the remainder of the 24 hours.

See this blog post for further information.