SSL/TLS: BREACH attack against HTTP compression

Thread Rating:

0 Vote(s) - 0 Average
1
2
3
4
5

Thread Modes

SSL/TLS: BREACH attack against HTTP compression

Alexandre Machado Offline

Administrator

Posts: 2,205
Threads: 186
Joined: Mar 2018
Reputation: 79
Location: Auckland, New Zealand

11-20-2022, 10:31 PM

CheckFormID is a unique identifier (as the name states, each form has its own ID) which is sent in each request and guarantees that the sender is not someone impersonating a legitimate user. IntraWeb will just refuse to process a requests if the FormID doesn't match. This alone is enough to stop most CSRF attacks including BREACH.
Possibly you just need to explain this to the auditors.

Find

« Next Oldest | Next Newest »

Messages In This Thread

SSL/TLS: BREACH attack against HTTP compression - by pgnair - 10-11-2022, 03:34 AM

RE: SSL/TLS: BREACH attack against HTTP compression - by Alexandre Machado - 10-17-2022, 07:48 AM

RE: SSL/TLS: BREACH attack against HTTP compression - by pgnair - 10-25-2022, 07:28 AM

RE: SSL/TLS: BREACH attack against HTTP compression - by pgnair - 11-01-2022, 05:49 AM

RE: SSL/TLS: BREACH attack against HTTP compression - by Alexandre Machado - 11-08-2022, 06:44 AM

RE: SSL/TLS: BREACH attack against HTTP compression - by pgnair - 11-15-2022, 04:59 AM

RE: SSL/TLS: BREACH attack against HTTP compression - by Alexandre Machado - 11-20-2022, 10:31 PM

View a Printable Version

Users browsing this thread: 1 Guest(s)

Login
Username:
Password:	Lost Password?
	Remember me