FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

phpMyAdmin -- Risk of BREACH attack due to reflected parameter

Affected packages
4.3.0 <= phpMyAdmin < 4.3.11.1

Details

VuXML ID 81b4c118-c586-11e4-8495-6805ca0b3d42
Discovery 2015-03-04
Entry 2015-03-08

The phpMyAdmin development team reports:

Risk of BREACH attack due to reflected parameter.

With a large number of crafted requests it was possible to infer the CSRF token by a BREACH attack.

Mitigation factor: this vulnerability can only be exploited in the presence of another vulnerability that allows the attacker to inject JavaScript into victim's browser.

[source]

References

CVE Name CVE-2015-2206
URL http://www.phpmyadmin.net/home_page/security/PMASA-2015-1.php

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.