Obtain plaintext by observing length differences

By Manieendar Mohan
Published on 19 Jun 2018

Compression Ratio Info-leak Made Easy (CRIME) is a well-known security exploit. The attack targets secret web cookies sent over connections that use the HTTPS and SPDY protocols together with data compression. An attacker can use the CRIME attack to recover the content of secret authentication cookies. It will also allow an attacker to perform session hijacking on an unauthenticated web session, gaining access to the victim user's session. This access helps the attacker launch further attacks that can potentially crash the system.

A successful CRIME attack involves an attacker observing the size of the ciphertext sent by the browser while also making the browser send malicious requests to the vulnerable server. CRIME is a client-side attack, but there are methods through which a server can protect the client. These methods include not implementing DEFLATE compression.
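The length difference described above, and the effect of turning compression off, can be checked with a short script. This is an added example, not code from the original article; the cookie value, host name, guesses and helper names are constructed for illustration, and it assumes encryption adds only a constant overhead to the record length.

```python
import zlib

# Constructed sample values (assumptions, not from the article).
SECRET_COOKIE = "sessionid=7f3a9c2e51d84b06"
GUESSES = {
    "shares 8 secret bytes": "sessionid=7f3a9c2e",
    "shares none (A)": "sessionid=Kq0ZxW5L",
    "shares none (B)": "sessionid=Vm8RtY2p",
}


def build_request(injected: str) -> bytes:
    """Request in which attacker-influenced text and the cookie share one stream."""
    return (
        f"GET /?q={injected} HTTP/1.1\r\n"
        "Host: example.test\r\n"
        f"Cookie: {SECRET_COOKIE}\r\n\r\n"
    ).encode("ascii")


def observed_length(injected: str, compress: bool) -> int:
    """Length an on-path observer would see.

    Assumption: encryption adds only a constant overhead, so the record
    length tracks the (optionally DEFLATE-compressed) plaintext length.
    """
    data = build_request(injected)
    return len(zlib.compress(data)) if compress else len(data)


def length_report(compress: bool) -> dict:
    """Map each guess label to its observed length."""
    return {label: observed_length(g, compress) for label, g in GUESSES.items()}


def leaks(compress: bool) -> bool:
    """True if same-sized inputs yield different lengths depending on the secret."""
    return len(set(length_report(compress).values())) > 1


if __name__ == "__main__":
    for mode in (True, False):
        label = "compression on " if mode else "compression off"
        print(label, length_report(mode), "leak:", leaks(mode))
```

With compression on, the input that repeats part of the cookie compresses to fewer bytes than equally long inputs that do not; with compression off, all three requests have the same length, so the observer learns nothing from size.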

Impact

This vulnerability can be exploited by man-in-the-middle attackers. A man-in-the-middle attack is a silent attack with disastrous power in the world of cryptography and computer security. In it, the attacker secretly monitors and alters the communication between two parties.

Mitigation / Precaution

Beagle recommends the following fixes:

  • Try to implement compression in your communication.
  • Use the Transport Layer Security (TLS) Protocol Version 1.2. In this version of TLS, the client sends a list of compression algorithms in its ClientHello message. The server then picks one of them and sends it back in its ServerHello message.
  • Try to implement data compression on the transactions along with the protocol negotiation features of the TLS protocol.

Written by Manieendar Mohan, Cyber Security Lead Engineer