The CRIME security exploit
?is a web-based exploit of SSL/TLS-encrypted communications between a client and a sever. An HTTP cookie
?that is concealed using transport-layer security can be revealed by leveraging certain vulnerabilities when using data compression in SSL/TLS-enabled communications. This vulnerability can allow an attacker to determine how to decrypt the communications. This serves as a spring board for other types of attacks such as session hijacking
or other identity falsification attacks.
The use of this exploit requires that a system is allowing data compression within an SSL/TLS-encrypted communications. This can be negotiated from either the client- or server-side. The client can opt not to ask for data compression and the server (in this case, the Gateway) can disallow any form of SSL compression. This can be verified in a packet capture by inspecting the "Compress Method" fields of a?ClientHello
packet within a TCP packet capture. You may see the following information when viewing such a packet capture in?Wireshark
or any other TCP capture application on a workstation:
Compression Methods Length: 1
?Compression Methods (1 method)
? Compression Method: null (0)
Specifically, the value of "null" from either end indicates that no SSL compression is allowed or requested for the connection.
The Layer 7 Gateway has been tested extensively to determine if there are any circumstances where we might accept or leverage SSL compression. As of version 5.4.1 and currently through version 8.1, we do not accept or utilize SSL compression on inbound or outbound connections. As such, we are not vulnerable to tools or methods utilizing CRIME security exploits.