Timing Info-leak Made Easy
Variants:
Direct
Also Known As:
TIME Attack
Vector Type:
Attack
Relevance:
Generic
Layer:
Web-Infrastructure-Level
Platforms:
Any
Target Type:
Web Application
Affected Mechanisms:
HTTP Compression, Hardening, Communication Encryption
Invented In:
15/03/2013
Added In:
21/12/2014
Vector Operation Method:
An extension of the CRIME attack, in which attackers can abuse HTTP compression features while relying on timing inference to perform a cryptanalysis attack and expose secrets contained in compressed and encrypted HTTP requests.
