General Information

Compression Ratio Info-leak Made Easy

Variants:
Direct 

Also Known As:
CRIME Attack

Vector Type:
Attack

Relevance:
Generic

Layer:
Web-Infrastructure-Level

Platforms:
Any

Target Type:
Web Application

Affected Mechanisms:
HTTP Compression, Hardening, Communication Encryption

Invented In:
23/09/2012

Added In:
21/12/2014

Quick Introduction to the Topic:


Vector Operation Method:
Abuse HTTP compression features while eavesdropping to perform a cryptanalysis attack and expose secrets contained in compressed and encrypted HTTP requests.


Direct Variant:

CRIME

Also Known As:
Compression Ratio Info-leak Made Easy

Typical Severity:
Medium

Learn More: