CRIME-Vulnerability/EN/Background: Unterschied zwischen den Versionen

Aktuelle Version vom 11. Juni 2019, 12:27 Uhr

The CRIME attack takes advantage of the fact that data compression can change the length of encrypted messages, and this provides conclusions about the plain text. This can be used by a skilled attacker to steal cookies, for example.

Version vom 6. Februar 2019, 15:55 Uhr (Quelltext anzeigen) Siwebot (Diskussion \| Beiträge) ← Zum vorherigen Versionsunterschied		Aktuelle Version vom 11. Juni 2019, 12:27 Uhr (Quelltext anzeigen) Siwebot (Diskussion \| Beiträge)
Zeile 1:		Zeile 1:
−	The ~~exploited vulnerability ([https://en.wikipedia.org/wiki/~~CRIME~~]) is a combination~~ of ~~chosen plain text attack and unintentional information leakage caused by~~ data compression~~. CRIME~~ can ~~be prevented by disabling~~ the ~~use~~ of ~~compression~~, ~~either on~~ the ~~client side, if the browser disables the compression of SPDY requests~~, ~~or if the web page prevents the use of data compression~~ for ~~such transactions using the protocol negotiation characteristics of the [https://en.wikipedia.org/wiki/Transport_Layer_Security TLS] protocol~~.	+	The CRIME attack takes advantage of the fact that data compression can change the length of encrypted messages, and this provides conclusions about the plain text. This can be used by a skilled attacker to steal cookies, for example.

CRIME-Vulnerability/EN/Background: Unterschied zwischen den Versionen

Aktuelle Version vom 11. Juni 2019, 12:27 Uhr

Navigationsmenü

Meine Werkzeuge

Namensräume

Varianten

Ansichten

Mehr

Suche

Navigation

Siwecos

Werkzeuge