Compression methods are algorithms used to compress stored files. Data are compressed to achieve the best storage capacity from the server. Compression also helps in transmitting data in compressed form to consume fewer data. There are mainly two types of compression methods:-
Compression helps to reduce data usage. But, compressed data are vulnerable to many attacks. Compression methods are the easiest for exploiting sensitive information. These compression methods are vulnerable to attacks like:-
Compression Ratio Info-leak Made Easy (CRIME) attacks: The CRIME is a client-side attack that exploits the compression methods used in the web cookies to extract sensitive information like session cookie and many more.
BREACH attacks and many more.
The TLS (Transport Layer Security) protocol includes some features that negotiate selection of a lossless data compression method as part of the TLS Handshake. The protocol can then apply the algorithm associated with the selected method as part of the TLS Record Protocol. The TLS protocol defines one standard compression method which specifies that data exchanged via the record protocol will not be compressed.
The impact include:-
Beagle recommends the following fixes:-