CRIME (SSL/TLS) attack

Impact: Low


CRIME (Compression Ratio Info-leak Made Easy) is a security exploit against secret web cookies sent over HTTPS and SPDY connections that use data compression. By analyzing compression ratios, an attacker can infer sensitive values such as authentication cookies, which can lead to session hijacking and further attacks.


To mitigate CRIME attacks, disable SSL/TLS compression on servers and clients. Implement Perfect Forward Secrecy (PFS) to prevent the decryption of past communications even if the server’s private key is compromised. Additionally, regularly update software and libraries to patch known vulnerabilities.
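Why disabling compression closes the leak, shown as an added example that is not part of the original page: it measures the size of two equal-length requests with compression on and off. Python's `zlib` (DEFLATE) stands in for TLS-level compression, and the cookie value, host name and function names are constructed for illustration.

```python
import zlib

# Constructed sample values for illustration; not taken from any real system.
SECRET = b"session=7f3a9c2e41b8"
MATCHING = b"session=7f3a9c2e41b8"      # request text equal to the secret
NON_MATCHING = b"session=d05b6e1a8c37"  # same length, different value


def record_length(reflected: bytes, compress: bool) -> int:
    """Size of one request as it would appear on the wire.

    Encryption hides the bytes but not how many there are, so the length
    of the (optionally compressed) plaintext stands in for the record size.
    """
    request = (
        b"GET /?q=" + reflected + b" HTTP/1.1\r\n"
        b"Host: example.test\r\n"
        b"Cookie: " + SECRET + b"\r\n\r\n"
    )
    if compress:
        # DEFLATE replaces the repeated string with a short back-reference,
        # so the output size depends on whether the two values agree.
        request = zlib.compress(request, 9)
    return len(request)


def length_gap(compress: bool) -> int:
    """Bytes by which the non-matching request exceeds the matching one."""
    return record_length(NON_MATCHING, compress) - record_length(MATCHING, compress)


if __name__ == "__main__":
    # With compression the two sizes differ; without it they are identical,
    # so the record length no longer depends on the secret.
    print("compression on :", length_gap(compress=True), "byte gap")
    print("compression off:", length_gap(compress=False), "byte gap")
```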


Last updated on May 13, 2024
