Does cloudflare protect against BREACH attacks?

Vulnerability scanners can be wrong. They often detect only the circumstances around a vulnerability, like compression, without actually testing to see if that circumstance is vulnerable. It's up to you to verify the validity of each detection presented by your scanner. To do this, you would have to launch a BREACH attack against CloudFlare. Please do not do this without clearing it with their security team first. You would be seen as a real threat if you performed penetration testing without permission. This is illegal in most jurisdictions.

This question can only be answered by their support team. In this case, you already have their answer. They have implemented a mitigation and they have verified it internally.

Cloudflare has patched all servers against these vulnerabilities. Also, the Cloudflare WAF has rules to mitigate several of these vulnerabilities including Heartbleed and ShellShock.

Close this item in your scanner as a False Positive.

Tags:

Cloudflare

Man In The Middle

Tls

Breach

Related

What websites can be protected by a particular SSL certificate? Authentication versus Authorisation Got an email saying my password is weak, reason for concern? Can a stolen Android phone with USB debugging enabled have screen lock bypassed? Is exploit-free software possible? Why are my plastic credit card and activation code sent separately? Why do some web servers still provide information on vendor and version in the HTTP response headers Is Bcrypt a hashing algorithm or is my study material wrong? How do we cross-verify if the device is doing exactly what it is supposed to do? If you revoke a certificate authority's certificate, do all of the certificates it issued become invalid as well? Does code obfuscation give any measurable security benefit? How does a CDN actually prevent DDoS attacks, when an origin server accepts direct connections?

Recent Posts