Task #3891

review vulnerability to BREACH attacks

Added by Dave Vieglais almost 9 years ago.

Status: New
Priority: Normal
Assignee:
Category: Authentication, Authorization
Target version: -
Start date: 2013-08-07
Due date:
% Done: 0%
Milestone: None
Product Version: *
Story Points:
Sprint:

Description

Description at: http://arstechnica.com/security/2013/08/gone-in-30-seconds-new-attack-plucks-secrets-from-https-protected-pages/

The technique works by exploiting patterns of similarity in compressed HTTPS responses. Turning off gzip compression on the server response avoids the vulnerability at the expense of increased bandwidth.

The goal of this task is to determine which, if any, services provided by DataONE are vulnerable (i.e. provide interesting information) to an attacker.
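One way to triage services for this review, as an added example that is not part of the original ticket or of any DataONE code: a response is flagged only when it is compressed, reflects request input, and carries a secret in the same body, and `wire_length` shows why turning compression off removes the length signal. The service names, response bodies, probe marker and secret pattern are constructed assumptions.

```python
import re
import zlib

PROBE = "breachprobe7f3a"  # constructed marker the reviewer sends as a request parameter
# Assumed shape of "interesting information": a named token followed by 16+ characters.
SECRET_RE = re.compile(r"(?:token|session|csrf)\w*[\"'=: ]+[A-Za-z0-9]{16,}", re.I)
COMPRESSED = {"gzip", "deflate", "br"}

def triage(headers, body, probe=PROBE):
    """Report which BREACH preconditions one HTTPS response satisfies."""
    hdrs = {k.lower(): v for k, v in headers.items()}
    codings = {c.strip().lower() for c in hdrs.get("content-encoding", "").split(",")}
    result = {
        "compressed": bool(codings & COMPRESSED),
        "reflects_input": probe in body,
        "carries_secret": bool(SECRET_RE.search(body)),
    }
    result["exposed"] = all(result.values())
    return result

def audit(responses):
    """Return the names of services whose responses meet all three preconditions."""
    return sorted(n for n, (h, b) in responses.items() if triage(h, b)["exposed"])

def wire_length(body, compressed):
    """Body size visible on the wire, with or without DEFLATE compression."""
    raw = body.encode()
    return len(zlib.compress(raw, 9)) if compressed else len(raw)

# Constructed responses; service names and bodies are hypothetical.
PAGE = '<a href="/logout?csrf_token=Zq8Lm2Xv9Rt4Kp7Wd3Na">logout</a><p>query: %s</p>'
SAMPLE = {
    "portal-search": ({"Content-Encoding": "gzip"}, PAGE % PROBE),
    "portal-search-nogzip": ({}, PAGE % PROBE),
    "object-list": ({"Content-Encoding": "gzip"}, "<objects count='0' q='%s'/>" % PROBE),
    "static-help": ({"Content-Encoding": "gzip"}, "<p>Help text</p>"),
}

if __name__ == "__main__":
    print("needs review:", audit(SAMPLE))
    # Two reflected values of equal length: one repeats text next to the secret.
    for value in ("csrf_token=Zq8Lm2Xv9", "csrf_token=Hy5Bc1Jf6"):
        body = PAGE % value
        print(value, "gzip:", wire_length(body, True), "plain:", wire_length(body, False))
```

Services that compress but neither reflect input nor carry a secret drop out of the list, which keeps the bandwidth cost of disabling gzip confined to the responses that need it.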
