CRIME-Vulnerability/EN/Background
Version vom 6. Februar 2019, 15:55 Uhr von Siwebot (Diskussion | Beiträge)
The exploited vulnerability ([1]) is a combination of chosen plain text attack and unintentional information leakage caused by data compression. CRIME can be prevented by disabling the use of compression, either on the client side, if the browser disables the compression of SPDY requests, or if the web page prevents the use of data compression for such transactions using the protocol negotiation characteristics of the TLS protocol.
