FortiGate
ddeguzman (Staff)
Article Id 327303
Description

This article describes the scenario where a vulnerability scan reports that FortiOS is vulnerable to CVE-2013-3587 (BREACH).


BREACH is a class of attack rather than a flaw in any specific piece of software. To be vulnerable, a web application must:

  • Be served from a server that uses HTTP-level compression.
  • Reflect user input in HTTP response bodies.
  • Reflect a secret (such as a CSRF token) in HTTP response bodies.
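As an added example (not from the article or from Fortinet), the following Python helper checks a captured HTTP response against the three conditions above so that a scanner's BREACH finding can be confirmed or dismissed as a false positive. The sample response head and body are constructed, and the rule that treats an input/meta field whose name mentions "csrf" or "token" as a secret is an assumed heuristic.

```python
import re

# Content-Encoding values under which the response length depends on body content.
COMPRESSED_ENCODINGS = {"gzip", "deflate", "br"}
TAG_RE = re.compile(r"<(?:input|meta)\b[^>]*>", re.IGNORECASE)


def parse_headers(raw_head: str) -> dict:
    """Turn the 'Name: value' lines of a raw HTTP response head into a dict keyed by lower-cased name."""
    headers = {}
    for line in raw_head.splitlines()[1:]:  # first line is the status line
        if ":" in line:
            name, value = line.split(":", 1)
            headers[name.strip().lower()] = value.strip()
    return headers


def reflects_secret(body: str) -> bool:
    """Heuristic: an <input>/<meta> tag whose name mentions csrf/token and carries a 16+ character value."""
    for tag in TAG_RE.findall(body):
        name = re.search(r'name=["\']([^"\']+)', tag, re.IGNORECASE)
        value = re.search(r'(?:value|content)=["\']([^"\']{16,})', tag, re.IGNORECASE)
        if name and value and re.search(r"csrf|token", name.group(1), re.IGNORECASE):
            return True
    return False


def breach_preconditions(raw_head: str, body: str, user_input: str) -> dict:
    """Evaluate the three BREACH preconditions for one response to a request that carried user_input."""
    encoding = parse_headers(raw_head).get("content-encoding", "identity").lower()
    compressed = any(tok.strip() in COMPRESSED_ENCODINGS for tok in encoding.split(","))
    reflected = bool(user_input) and user_input in body  # exact echo; HTML-escaped echoes would need unescaping
    secret = reflects_secret(body)
    return {
        "http_compression": compressed,
        "reflects_user_input": reflected,
        "reflects_secret": secret,
        # All three must hold for a BREACH candidate; otherwise the scanner finding is a false positive.
        "breach_candidate": compressed and reflected and secret,
    }


# Constructed sample: a gzip-compressed page that echoes a search term beside a CSRF token (all three hold).
EXPOSED_HEAD = "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\nContent-Encoding: gzip\r\n"
EXPOSED_BODY = ('<p>Results for: laptop</p>'
                '<input type="hidden" name="csrf_token" value="Qm9ndXNUb2tlbkZvckRlbW8xMjM=">')
# Constructed sample: the same page served uncompressed, which removes the length side channel.
UNCOMPRESSED_HEAD = "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n"

if __name__ == "__main__":
    for label, head in (("compressed", EXPOSED_HEAD), ("uncompressed", UNCOMPRESSED_HEAD)):
        print(label, breach_preconditions(head, EXPOSED_BODY, "laptop"))
```

Only a response where all three flags are true is a genuine BREACH candidate; a missing Content-Encoding, no reflected input, or no embedded token means the finding can be closed as a false positive.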


Impact:
The flaw makes it easier for man-in-the-middle attackers to obtain plaintext secret values.

Scope
FortiGate.
Solution

FortiOS is not vulnerable to CVE-2013-3587 (BREACH) because multiple mitigations are in place that make the attack infeasible. FortiOS implements a series of CSRF protections across the product to protect sensitive data from such attacks. Therefore, the scan result can be treated as a false positive.


Additionally, for traffic passing through the FortiGate, this vulnerability is covered in the extended IPS database under the signature name 'BREACH.HTTPS.Compression.Information.Disclosure'.


Related document:
https://www.fortiguard.com/encyclopedia/ips/42657/breach-https-compression-information-disclosure