Are you familiar with the basic CRIME vulnerability?
________________________________
From: Hannes Tschofenig <[email protected]>
To: "[email protected] WG" <[email protected]>
Sent: Tuesday, July 2, 2013 7:53 AM
Subject: [OAUTH-WG] CRIME II alleged at Black Hat
FYI:
http://www.darkreading.com/vulnerability/https-side-channel-attack-a-tool-for-enc/240157583
From the abstract:
"
A new side channel vulnerability in HTTPS traffic could make it possible for
targeted attackers to dig up secrets like session identifiers, CSRF tokens,
OAuth tokens, and ViewState hidden fields without users ever being the wiser,
say researchers who will explain how the attack could work at this year's Black
Hat.
"
Unfortunately, I wasn't able to find a lot of details about this attack yet.
Maybe some of you have more details.
Ciao
Hannes
_______________________________________________
OAuth mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/oauth