phpMyAdmin -- Risk of BREACH attack due to reflected parameter

2015-03-04T00:00:00
ID 81B4C118-C586-11E4-8495-6805CA0B3D42
Type freebsd
Reporter FreeBSD
Modified 2015-03-04T00:00:00

Description

The phpMyAdmin development team reports:

Risk of BREACH attack due to reflected parameter. With a large number of crafted requests it was possible to infer the CSRF token by a BREACH attack. Mitigation factor: this vulnerability can only be exploited in the presence of another vulnerability that allows the attacker to inject JavaScript into victim's browser.