Vigil@nce - SPDY: obtaining HTTP Cookies via Deflate, CRIME
December 2012 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker, who can control SPDY connections of victim’s web
browser, can use several sessions compressed with Deflate in order
to compute HTTP headers, such as cookies.
Impacted products: BIG-IP Appliance, Firefox
Severity: 1/4
Creation date: 26/12/2012
DESCRIPTION OF THE VULNERABILITY
The bulletin VIGILANCE-VUL-11952 (https://vigilance.fr/tree/1/11952)
describes a vulnerability of SSL/TLS, which allows an attacker to
use the compression, in order to obtain encrypted HTTP headers.
The SPDY protocol (implemented by Chrome and Firefox) also
supports the compression, and it is thus impacted by the same
vulnerability.
An attacker, who can control SPDY connections of victim’s web
browser, can therefore use several sessions compressed with
Deflate in order to compute HTTP headers, such as cookies.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/SPDY-obtaining-HTTP-Cookies-via-Deflate-CRIME-12265