CRIME (SSL/TLS) attack
Impact: Low
Description
CRIME (Compression Ratio Info-leak Made Easy) is a security exploit against secret web cookies over connections using the HTTPS and SPDY protocols that also use data compression. When used to recover the content of secret authentication cookies, it allows an attacker to perform session hijacking on an authenticated web session, allowing the launching of further attacks. (Source: Wikipedia)
Recommendation
Disable SSL/TLS compression.
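One way to check a server configuration for this setting, as an added example that is not part of the original page. It assumes Apache httpd with mod_ssl, where the `SSLCompression` directive controls TLS-level compression, and it runs over a constructed sample configuration.

```python
import re

# Constructed sample httpd configuration (hostnames and ports are made up).
SAMPLE_CONF = """\
# global TLS settings
SSLCompression off
<VirtualHost *:443>
    ServerName shop.example.test
    SSLEngine on
    sslcompression On
</VirtualHost>
<VirtualHost *:8443>
    ServerName api.example.test
    # SSLCompression on
</VirtualHost>
"""

# Assumption: Apache mod_ssl syntax; directive names are case-insensitive.
_DIRECTIVE = re.compile(r"^\s*SSLCompression\s+(\S+)", re.IGNORECASE)
_VHOST_OPEN = re.compile(r"^\s*<VirtualHost\s+([^>]+)>", re.IGNORECASE)
_VHOST_CLOSE = re.compile(r"^\s*</VirtualHost\s*>", re.IGNORECASE)


def find_tls_compression(conf_text):
    """Return (line_no, scope, value) for each directive that turns TLS compression on."""
    findings = []
    scope = "global"
    for line_no, line in enumerate(conf_text.splitlines(), start=1):
        opened = _VHOST_OPEN.match(line)
        if opened:
            scope = opened.group(1).strip()
        elif _VHOST_CLOSE.match(line):
            scope = "global"
        else:
            directive = _DIRECTIVE.match(line)  # commented-out lines do not match
            if directive and directive.group(1).lower() == "on":
                findings.append((line_no, scope, "on"))
    return findings


def compression_disabled(conf_text):
    """True when no active directive enables TLS compression."""
    return not find_tls_compression(conf_text)


if __name__ == "__main__":
    for line_no, scope, value in find_tls_compression(SAMPLE_CONF):
        print(f"line {line_no} [{scope}]: SSLCompression {value}")
```

A configuration with no `SSLCompression` directive at all passes this check and relies on the server's built-in default.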
Last updated on April 04, 2021