Hi Naras,
Thank you so much for your reply. It’s really helpful.
Please see the details of the vulnerability below:
This web application is potentially vulnerable to the BREACH attack.
An attacker with the ability to:
- Inject partial chosen plaintext into a victim's requests
- Measure the size of encrypted traffic
can leverage information leaked by compression to recover targeted parts of the plaintext.
BREACH (Browser Reconnaissance & Exfiltration via Adaptive Compression of Hypertext) is a category of vulnerabilities
and not a specific instance affecting a specific piece of software. To be vulnerable, a web application
must:
- Be served from a server that uses HTTP-level compression
- Reflect user-input in HTTP response bodies
- Reflect a secret (such as a CSRF token) in HTTP response bodies
We would be much appreciated for any solutions of the vulnerability.
Thanks,
Jiang