1. Support Center
  2. SSL / TLS Vulnerabilities
  3. Vulnerabilities requiring reconfiguration

Prevent SSL BREACH

A server vulnerable for BREACH (Browser Reconnaissance and Exfiltration via Adaptive Compression of Hypertext) allows an attacker to decrypt cookie contents such as session information. Learn here, how you can prevent SSL BREACH.

Security Assessment

Security_Assessment_PreventSSLBreach

CVSS Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

Vulnerability Information

A server vulnerable for BREACH (Browser Reconnaissance and Exfiltration via Adaptive Compression of Hypertext) allows an attacker to decrypt cookie contents such as session information. Using "gzip" or "deflate" data compression via the content-encoding option within HTTP the encrypted data can be guessed by using brute-force search followed by a divide-and-conquer search.

For a successful BREACH attack, several requirements need to be met:

  • The website is transferred compressed.
  • The website reflects user input (e.g. a username which is given from the login form)
  • The website contains a secret (e.g. a CSRF token)

Guides

The easiest form of mitigation is disabling HTTP compression, which – however – will lead to bigger sites that need to be transferred. One possibility is to disable the compression only if the referrer is not the own application.

Apache

To disable HTTP compression from requests with different referrers, use the following settings:

SetOutputFilter DEFLATE
BrowserMatch ^Mozilla/4 gzip-only-text/html
BrowserMatch ^Mozilla/4\.0[678] no-gzip
BrowserMatch \bMSIE !no-gzip !gzip-only-text/html
SetEnvIfNoCase Request_URI \.(?:gif|jpe?g|png|zip|gz|tgz|htc)$ no-gzip dont-vary
# BREACH migitation
SetEnvIfNoCase Referer .* self_referer=no
SetEnvIfNoCase Referer ^https://www\.example\.org/ self_referer=yes
SetEnvIf self_referer ^no$ no-gzip
Header append Vary User-Agent env=!dont-vary

Possible Solutions

HSTS - Secure Channels: Strict Transport Security

Server declares “I only talk TLS” 

Example: HTTP(S) Response Header: Strict-Transport-Security: max-age=15768000; includeSubDomains

Header can be cached and also prevents leakage via subdomain-content through non-TLS links in content 

Weakness: “Trust on first use”

Cert Pinning

Server identities tend to be long-lived, but clients have to re-establish the server's identity on every TLS session. •

How could Google/Chrome be resilient to DigiNotar attack? 

Google built in "preloaded" fingerprints for the known public keys in the certificate chains of Google properties. Thereby exposed the false *.google.com certificate DigiNotar signed

But, preloading does not scale, so we need something dynamic:

Could use an HTTP header i.e. transmit the SHA1 or SHA256 hash of the Subject Public Key Info structure of the X.509 certificate. (You could pin to end entity, intermediary, root. Select your degree of precision.)

Secure Channels: DNSSEC for TLS 

DNSSEC can be used to declare supported protocols for domains 

DNSSEC can be used to declare server certificate for domain 

Advantage: Advantage of trusted signed source

For more information about Crashtest Security visit crashtest-security.com

Scan For Free