Vulnerability   
Search   
    Search 211766 CVE descriptions
and 97459 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.117414
Category:SSL and TLS
Title:SSL/TLS: BREACH attack against HTTP compression
Summary:SSL/TLS connections are vulnerable to the 'BREACH' (Browser; Reconnaissance & Exfiltration via Adaptive Compression of Hypertext) attack.
Description:Summary:
SSL/TLS connections are vulnerable to the 'BREACH' (Browser
Reconnaissance & Exfiltration via Adaptive Compression of Hypertext) attack.

Vulnerability Insight:
Angelo Prado, Neal Harris and Yoel Gluck reported that SSL/TLS
attacks are still viable via a 'BREACH' (Browser Reconnaissance & Exfiltration via Adaptive
Compression of Hypertext) attack, which they describe as:

While CRIME was mitigated by disabling TLS/SPDY compression (and by modifying gzip to allow for
explicit separation of compression contexts in SPDY), BREACH attacks HTTP responses. These are
compressed using the common HTTP compression, which is much more common than TLS-level
compression. This allows essentially the same attack demonstrated by Duong and Rizzo, but without
relying on TLS-level compression (as they anticipated).

It is important to note that the attack is agnostic to the version of TLS/SSL, and does not
require TLS-layer compression. Additionally, the attack works against any cipher suite. Against a
stream cipher, the attack is simpler: The difference in sizes across response bodies is much more
granular in this case. If a block cipher is used, additional work must be done to align the output
to the cipher text blocks.

Vulnerability Impact:
The flaw makes it easier for man-in-the-middle attackers to
obtain plaintext secret values.

Affected Software/OS:
BREACH is a category of vulnerabilities and not a specific
instance affecting a specific piece of software. To be vulnerable, a web application must:

- Be served from a server that uses HTTP-level compression

- Reflect user-input in HTTP response bodies

- Reflect a secret (such as a CSRF token) in HTTP response bodies

Solution:
The following mitigation possibilities are available:

1. Disabling HTTP compression

2. Separating secrets from user input

3. Randomizing secrets per request

4. Masking secrets (effectively randomizing by XORing with a random secret per request)

5. Protecting vulnerable pages with CSRF

6. Length hiding (by adding random number of bytes to the responses)

7. Rate-limiting the requests

Note: The mitigations are ordered by effectiveness (not by their practicality - as this may differ
from one application to another).

CVSS Score:
4.3

CVSS Vector:
AV:N/AC:M/Au:N/C:P/I:N/A:N

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2013-3587
http://breachattack.com/
http://github.com/meldium/breach-mitigation-rails
http://security.stackexchange.com/questions/20406/is-http-compression-safe#20407
http://slashdot.org/story/13/08/05/233216
http://www.iacr.org/cryptodb/archive/2002/FSE/3091/3091.pdf
http://www.kb.cert.org/vuls/id/987798
https://bugzilla.redhat.com/show_bug.cgi?id=995168
https://hackerone.com/reports/254895
https://support.f5.com/csp/article/K14634
https://www.blackhat.com/us-13/briefings.html#Prado
https://www.djangoproject.com/weblog/2013/aug/06/breach-and-django/
https://lists.apache.org/thread.html/r7f0e9cfd166934172d43ca4c272b8bdda4a343036229d9937affd1e1@%3Cdev.httpd.apache.org%3E
CopyrightCopyright (C) 2021 Greenbone Networks GmbH

This is only one of 97459 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2021 E-Soft Inc. All rights reserved.