AUTOBLOG PROJECT


Shaarli - Les discussions de Shaarli

Archived

Original site: Shaarli - Les discussions de Shaarli, 23/07/2013


Security advisory: BREACH and Django | Weblog | Django

Tuesday 6 August 2013 at 19:29
CAFAI, 06/08/2013 at 19:29
At last week's Black Hat conference, researchers announced the BREACH attack, a new attack on web apps that can recover data even when secured with SSL connections. The BREACH paper (PDF) contains full details (and is a good and fairly easy read).

Given what we know so far, we believe that BREACH may be used to compromise Django's CSRF protection. Thus, we're issuing this advisory so that our users can defend themselves.

cf: http://shaarli.cafai.fr/?F3wAfw