Vulnerability Note VU#987798
BREACH vulnerability in compressed HTTPS
By observing the length of compressed HTTPS responses, an attacker may be able to derive plaintext secrets from the ciphertext of an HTTPS stream.
Angelo Prado of Salesforce.com reports:
Extending the CRIME vulnerability presented at Ekoparty 2012, an attacker can target HTTPS responses to recover data from the response body.
1. HTTPS-enabled endpoint (ideally with stream ciphers like RC4, although the attack can be made to work with adaptive padding for block ciphers).
2. The attacker must be able to measure the size of HTTPS responses.
3. Use of HTTP-level compression (e.g. gzip).
4. A request parameter that is reflected in the response body.
5. A static secret in the body (e.g. CSRF token, sessionId, VIEWSTATE, PII, etc.) that can be bootstrapped (either first/last two characters are predictable and/or the secret is padded with something like KnownSecretVariableName="").
6. An otherwise static or relatively static response. Dynamic pages do not defeat the attack, but make it much more expensive.
A sophisticated attacker may be able to derive plaintext secrets from the ciphertext in an HTTPS stream.
We are currently unaware of a practical solution to this problem. Please consider the following workarounds.
Some of these mitigations may protect entire applications, while others may only protect individual web pages.
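The length signal that conditions 2 to 5 describe, measured on one page and then measured again with the secret masked per response, as an added example that is not part of the original note. The page template, token values and function names are constructed for illustration; per-response masking is a commonly cited BREACH mitigation and is assumed here rather than taken from this page.

```python
import os
import zlib

# Constructed sample values; none come from a real application.
TOKEN = "9f2c4e7a1b3d5068a7c4e9d2b1f30856"  # static secret in the body (condition 5)
MISS = "5b81d0e3f6a2947c3e18b05d2f7a6c49"   # same length, unrelated value
PAGE = ('<html><body><p>Results for: {q}</p>'          # reflected parameter (condition 4)
        '<form action="/transfer" method="post">'
        '<input type="hidden" name="csrf_token" value="{tok}">'
        '</form></body></html>')


def mask(token_hex, pad=None):
    """Return hex(pad || token XOR pad); a fresh pad changes every response."""
    raw = bytes.fromhex(token_hex)
    pad = os.urandom(len(raw)) if pad is None else pad
    if len(pad) != len(raw):
        raise ValueError("pad must be as long as the token")
    return (pad + bytes(a ^ b for a, b in zip(raw, pad))).hex()


def unmask(masked_hex):
    """Server-side inverse of mask(): recover the real token for comparison."""
    blob = bytes.fromhex(masked_hex)
    half = len(blob) // 2
    return bytes(a ^ b for a, b in zip(blob[half:], blob[:half])).hex()


def render_plain(q):
    return PAGE.format(q=q, tok=TOKEN).encode()


def render_masked(q, pad=None):
    return PAGE.format(q=q, tok=mask(TOKEN, pad)).encode()


def wire_len(body):
    """Size after DEFLATE, the algorithm behind gzip; TLS hides content, not size."""
    return len(zlib.compress(body, 9))


def length_signal(render):
    """Bytes saved when the reflected value equals the secret; near 0 is the goal."""
    return wire_len(render(MISS)) - wire_len(render(TOKEN))


if __name__ == "__main__":
    print("static token:", length_signal(render_plain))
    print("masked token:", length_signal(render_masked))
```

Run against a page template of your own, a `length_signal` well above zero means the page meets conditions 3 to 5 and its secret should be masked, moved out of the reflected response, or served uncompressed.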
Vendor Information

|Vendor|Status|Date Notified|Date Updated|
|---|---|---|---|
|Apache-SSL|Unknown|19 Jun 2013|19 Jun 2013|
|Apache HTTP Server Project|Unknown|19 Jun 2013|30 Jul 2013|
|Apache Tomcat|Unknown|19 Jun 2013|19 Jun 2013|
|Apple Inc.|Unknown|19 Jun 2013|19 Jun 2013|
| |Unknown|19 Jun 2013|19 Jun 2013|
|Microsoft Corporation|Unknown|19 Jun 2013|19 Jun 2013|
|Mozilla|Unknown|19 Jun 2013|19 Jun 2013|
|Opera|Unknown|19 Jun 2013|19 Jun 2013|
Thanks go to the following individuals for reporting this vulnerability:
Angelo Prado, Salesforce.com
Neal Harris, Square
Yoel Gluck, Salesforce.com
This document was written by Todd Lewellen.
- CVE IDs: CVE-2013-3587
- Date Public: 20 Sep 2012
- Date First Published: 02 Aug 2013
- Date Last Updated: 08 Aug 2013
- Document Revision: 36