Compression Ratio Info-leak Made Easy
Variants:
Direct
Also Known As:
CRIME Attack
Vector Type:
Attack
Relevance:
Generic
Layer:
Web-Infrastructure-Level
Platforms:
Any
Target Type:
Web Application
Affected Mechanisms:
HTTP Compression, Hardening, Communication Encryption
Invented In:
23/09/2012
Added In:
21/12/2014
Quick Introduction to the Topic:
Vector Operation Method:
Abuse HTTP compression features while eavesdropping to perform a cryptanalysis attack and expose secrets contained in compressed and encrypted HTTP requests.
