There is a new attack that could allow bad guys to figure out the length of a user’s password which could then make it easier to conduct a brute force assault.
“It is usually assumed that HTTP traffic encapsulated in TLS doesn’t reveal the exact sizes of its parts, such as the length of a cookie header, or the payload of a HTTP POST request that may contain variable-length credentials such as passwords,” said Dutch security researcher Guido Vranken in the abstract of a paper.
“In this paper I show that the redundancy of the plaintext HTTP headers included in each and every request can be exploited in order to reveal the length of particular components (such as passwords) of particular requests (such as authentication to a web application). The redundancy of HTTP in practice allows for an iterative resolution of the length of ‘unknowns’ in a HTTP message until the lengths of all its components are known except for a coveted secret, such as a password, whose length is then implied.”
For the attack to work there have to be a few conditions met. One is the if attacker aims to known the length of the user’s password, he or she has to know the user name belonging to that password, as they are often sent together in an authentication process. Also, the attacker must know the length of the rest of the data in the header.
In an attack scenario that targets the HTTPS traffic between a browser and a web server it is also helpful for the attacker to know which specific browser ended up used so it is possible to know how a typical header this browser will send for various types of web resources. For an attacker, that information is not that difficult to figure out.
Another prerequisite for a successful attack is the TLS traffic must use a stream-based cipher, because their output lengths corresponds 1:1 with the (plaintext) input size.
In his paper, Vranken explained how the attack would end up carried out and how the gathered information can end up analyzed.
A very important thing to note about the HTTPS attack is that it is almost impossible to detect since the attacker does not tamper with the target’s session. The attacker only needs to record the encrypted data stream. Also, it means that the attack can end up executed by analyzing old HTTPS traffic that has been logged somewhere.