BREACH attack risks on authentication portal
Vulnerability details
Authentication portal https encryption may be subject to a BREACH attack since it use http compression.
Impacted products
Revisions
Version |
Date |
Description |
v1 |
02/21/2023 |
Reserved Publication |
v2 |
03/11/2023 |
Updated and disclosed |
v3 |
05/02/2023 |
Add EAL version |
Stormshield Network Security |
CVSS v3.1 Overall Score: 7.4 
|
Analysis
|
Impacted version
|
The authentication portal is exposed to a breach attack due to the use of http compression
|
- SNS 2.7.0 to 3.7.34
- SNS 3.8.0 to 3.11.22
- SNS 4.0.0 to 4.3.16
- SNS 4.4.0 to 4.6.3
|
Workaround solution
|
Solution
|
There is no workaround solution.
|
The following versions fix this vulnerability
- 3.7.35
- 3.11.23
- 4.3.12.1
- 4.3.16
- 4.6.3
- 4.7.0
|
Attack Vector |
Attack Complexity |
Privileges Required |
User Interaction |
Scope |
Confidentiality Impact |
Integrity Impact |
Availability impact |
Network |
High |
None |
Required |
Changed |
High |
None |
None |
Exploit Code Maturity |
Remediation Level |
Report Confidence |
Proof of concept code |
Official fix |
Confirmed |
Confidentiality Requirement |
Integrity Requirement |
Availability Requirement |
High |
High |
High |