CRIME Attack on TLS Compression

CRIME Attack on TLS Compression

Risk: medium

Description

This vulnerability indicates that the server is susceptible to CRIME attacks, which exploit TLS compression to extract sensitive information like authentication cookies through compression ratio analysis.

CRIME (Compression Ratio Info-leak Made Easy) occurs when TLS connections use DEFLATE compression, which eliminates duplicate strings to reduce bandwidth. Attackers exploit this by injecting controlled data that matches parts of secret information, observing how compression affects the encrypted payload size.

How It Works:

1. Attacker forces victim's browser to make HTTPS requests to target website
2. Malicious requests contain guesses that partially match secret cookie values
3. When guesses match actual cookie content, compression reduces payload size
4. Attacker measures encrypted request lengths to determine correct guesses
5. Process repeats byte-by-byte until entire cookie is extracted

Requirements:

• Both client and server must support TLS DEFLATE compression
• Man-in-the-middle network position to observe traffic
• Ability to inject JavaScript or control victim's requests
• Target secrets must appear in compressed request data

Example Scenario: A user connects to a banking website over public WiFi. An attacker injects JavaScript that makes thousands of HTTPS requests with cookie guesses like "sessionid=a", "sessionid=b", etc. When the guess matches the real session cookie, DEFLATE compression recognizes the duplicate string and creates a smaller payload. By measuring encrypted sizes, the attacker extracts the complete session cookie in minutes.

The vulnerability affects older browsers (Chrome/Firefox pre-2012) that supported TLS compression, allowing complete session hijacking and unauthorized account access through compression oracle attacks.

Recommendation

To mitigate CRIME attacks:

Primary Defense - Disable TLS Compression:

# Nginx - TLS compression is disabled by default
# Ensure no explicit compression enabling

# Apache - disable TLS compression
SSLCompression off

# Python applications
import ssl
context = ssl.create_default_context()
context.options |= ssl.OP_NO_COMPRESSION

Update Software:

Most modern browsers and servers have TLS compression disabled by default: - Chrome/Firefox removed TLS compression support in 2012 - Update to latest OpenSSL versions (1.0.0+ disables by default) - Use TLS 1.3 which removes compression entirely

Testing for TLS Compression:

# Test if server supports TLS compression
openssl s_client -connect example.com:443 < /dev/null 2>&1 | grep -i compression

# Should show: "Compression: NONE"
# Vulnerable if shows: "Compression: zlib compression"

# Alternative test
nmap --script ssl-enum-ciphers -p 443 example.com

Additional Mitigations:

• Implement CSRF tokens with random padding to reduce compression efficiency
• Use secure session management with frequent token rotation
• Monitor for unusual request patterns indicating potential attacks
• Enable HSTS to prevent protocol downgrade attempts

Modern applications are generally protected as TLS compression was widely disabled after CRIME disclosure in 2012, but legacy systems may still be vulnerable.

Links

• CVE-2012-4929
• CRIME Attack Details
• SSL Labs Analysis

Standards

• SOC2_CONTROLS:
  • CC_6_7
  • CC_7_1
• CCPA:
  • CCPA_1798_150
• GDPR:
  • ART_32
• PCI_STANDARDS:
  • REQ_4_1
  • REQ_6_2
  • REQ_11_3