Added BREACH attack mittigation, #4084
This commit is contained in:
Ylian Saint-Hilaire
parent
f5f4305841
commit
ea7e98b3b4
|
|
@ -613,6 +613,7 @@
|
|||
<Content Include="views\messenger.handlebars" />
|
||||
<Content Include="views\mstsc.handlebars" />
|
||||
<Content Include="views\player.handlebars" />
|
||||
<Content Include="views\sharing-mobile.handlebars" />
|
||||
<Content Include="views\sharing.handlebars" />
|
||||
<Content Include="views\ssh.handlebars" />
|
||||
<Content Include="views\terms-mobile.handlebars" />
|
||||
|
|
|
|||
|
|
@ -120,6 +120,7 @@
|
|||
"amtManager": { "type": "boolean", "default": true, "description": "When enabled, MeshCentral will automatically monitor and manage Intel AMT devices." },
|
||||
"orphanAgentUser": { "type": "string", "default": null, "description": "If an agent attempts to connect to a unknown device group, automatically create a new device group and grant access to the specified user. Example: admin" },
|
||||
"agentIdleTimeout": { "type": "integer", "minimum": 1, "default": 150 ,"description": "How much time in seconds with no traffic from an agent before dropping the agent connection." },
|
||||
"webPageLengthRandomization": { "type": "boolean", "default": true, "description": "Adds a random length string to generated web pages to mitigate a BREACH attack." },
|
||||
"compression": { "type": "boolean", "default": true, "description": "Enables GZIP compression for web requests." },
|
||||
"wsCompression": { "type": "boolean", "default": false, "description": "Enables server-side, websocket per-message deflate compression." },
|
||||
"agentWsCompression": { "type": "boolean", "default": true, "description": "Enables agent-side, websocket per-message deflate compression. wscompression must also be true for this to work." },
|
||||
|
|
|
|||
|
|
@ -1,7 +1,7 @@
|
|||
@ECHO OFF
|
||||
CD ..\translate
|
||||
%LOCALAPPDATA%\..\Roaming\nvm\v12.13.0\node translate.js minifyall
|
||||
%LOCALAPPDATA%\..\Roaming\nvm\v12.13.0\node translate.js translateall
|
||||
%LOCALAPPDATA%\..\Roaming\nvm\v12.13.0\node translate.js extractall
|
||||
REM %LOCALAPPDATA%\..\Roaming\nvm\v12.13.0\node translate.js translateall
|
||||
REM %LOCALAPPDATA%\..\Roaming\nvm\v12.13.0\node translate.js extractall
|
||||
DEL ..\emails\translations\*-min_*
|
||||
Pause
|
||||
|
|
@ -167,6 +167,8 @@
|
|||
</div>
|
||||
<script>
|
||||
'use strict';
|
||||
|
||||
var random = '{{{randomlength}}}' // Random length string for BREACH mitigation
|
||||
var uiMode = parseInt(getstore('uiMode', 1));
|
||||
var webPageStackMenu = false;
|
||||
var webPageFullScreen = true;
|
||||
|
|
|
|||
|
|
@ -1192,6 +1192,7 @@
|
|||
<iframe name="fileUploadFrame" style=display:none></iframe>
|
||||
<script>
|
||||
'use strict';
|
||||
var random = '{{{randomlength}}}' // Random length string for BREACH mitigation
|
||||
|
||||
// Process server-side web state
|
||||
var webState = '{{{webstate}}}';
|
||||
|
|
|
|||
|
|
@ -1402,6 +1402,7 @@
|
|||
</div>
|
||||
<script type="text/javascript">
|
||||
'use strict';
|
||||
var random = '{{{randomlength}}}' // Random length string for BREACH mitigation
|
||||
|
||||
// Process server-side web state
|
||||
var webState = '{{{webstate}}}';
|
||||
|
|
|
|||
|
|
@ -43,6 +43,7 @@
|
|||
</div>
|
||||
</div>
|
||||
<script>
|
||||
var random = '{{{randomlength}}}' // Random length string for BREACH mitigation
|
||||
var messageid = parseInt('{{{messageid}}}');
|
||||
var fileurl = '{{{fileurl}}}';
|
||||
var filename = '{{{filename}}}';
|
||||
|
|
|
|||
|
|
@ -57,6 +57,7 @@
|
|||
</tr>
|
||||
</table>
|
||||
<script>
|
||||
var random = '{{{randomlength}}}' // Random length string for BREACH mitigation
|
||||
var messageid = parseInt('{{{messageid}}}');
|
||||
var fileurl = '{{{fileurl}}}';
|
||||
var filename = '{{{filename}}}';
|
||||
|
|
|
|||
|
|
@ -148,6 +148,7 @@
|
|||
</div>
|
||||
<script nonce="{{{cspNonce}}}">
|
||||
'use strict';
|
||||
var random = '{{{randomlength}}}' // Random length string for BREACH mitigation
|
||||
var uiMode = parseInt(getstore('uiMode', 1));
|
||||
var webPageStackMenu = false;
|
||||
var webPageFullScreen = true;
|
||||
|
|
|
|||
|
|
@ -103,6 +103,7 @@
|
|||
</div>
|
||||
<script>
|
||||
'use strict';
|
||||
var random = '{{{randomlength}}}' // Random length string for BREACH mitigation
|
||||
var urlargs = parseUriArgs();
|
||||
if (urlargs.key && (isAlphaNumeric(urlargs.key) == false)) { delete urlargs.key; }
|
||||
var uiMode = parseInt(getstore('uiMode', 1));
|
||||
|
|
|
|||
|
|
@ -311,6 +311,7 @@
|
|||
</div>
|
||||
<script>
|
||||
'use strict';
|
||||
var random = '{{{randomlength}}}' // Random length string for BREACH mitigation
|
||||
var loginMode = '{{{loginmode}}}';
|
||||
var newAccount = '{{{newAccount}}}';
|
||||
var passhint = '{{{passhint}}}';
|
||||
|
|
|
|||
|
|
@ -305,6 +305,7 @@
|
|||
</div>
|
||||
<script>
|
||||
'use strict';
|
||||
var random = '{{{randomlength}}}' // Random length string for BREACH mitigation
|
||||
var passlogin = '{{{passlogin}}}';
|
||||
var passhint = '{{{passhint}}}';
|
||||
var loginMode = '{{{loginmode}}}';
|
||||
|
|
|
|||
|
|
@ -361,6 +361,7 @@
|
|||
</div>
|
||||
<script>
|
||||
'use strict';
|
||||
var random = '{{{randomlength}}}' // Random length string for BREACH mitigation
|
||||
var welcomePictureFullScreen = (decodeURIComponent('{{{welcomePictureFullScreen}}}') === 'true');
|
||||
var passlogin = '{{{passlogin}}}';
|
||||
var passhint = '{{{passhint}}}';
|
||||
|
|
|
|||
|
|
@ -43,6 +43,7 @@
|
|||
</div>
|
||||
</div>
|
||||
<script>
|
||||
var random = '{{{randomlength}}}' // Random length string for BREACH mitigation
|
||||
var titleid = parseInt('{{{titleid}}}');
|
||||
var msgid = parseInt('{{{msgid}}}');
|
||||
var domainurl = decodeURIComponent('{{{domainurl}}}');
|
||||
|
|
|
|||
|
|
@ -44,6 +44,7 @@
|
|||
</tr>
|
||||
</table>
|
||||
<script>
|
||||
var random = '{{{randomlength}}}' // Random length string for BREACH mitigation
|
||||
var titleid = parseInt('{{{titleid}}}');
|
||||
var msgid = parseInt('{{{msgid}}}');
|
||||
var domainurl = decodeURIComponent('{{{domainurl}}}');
|
||||
|
|
|
|||
|
|
@ -60,6 +60,7 @@
|
|||
<canvas width="256" height="256" id="remoteImage" style="position:absolute;right:24px;top:45px;width:200px;height:200px;background-color:gray;border-radius:12px 12px 12px 12px;box-shadow:3px 3px 10px gray;display:none" />
|
||||
<input id="uploadFileInput" type="file" multiple style="display:none">
|
||||
<script type="text/javascript" onunload="onUnLoad()">
|
||||
var random = '{{{randomlength}}}' // Random length string for BREACH mitigation
|
||||
var userInputFocus = 0;
|
||||
var socket = null; // Websocket object
|
||||
var state = 0; // Connection state. 0 = Disconnected, 1 = Connecting, 2 = Connected.
|
||||
|
|
|
|||
|
|
@ -75,6 +75,7 @@
|
|||
}
|
||||
</style>
|
||||
<script language="javascript">
|
||||
var random = '{{{randomlength}}}' // Random length string for BREACH mitigation
|
||||
var client = null;
|
||||
var canvas = null;
|
||||
var urlargs = parseUriArgs();
|
||||
|
|
|
|||
|
|
@ -96,6 +96,7 @@
|
|||
</div>
|
||||
</div>
|
||||
<script>
|
||||
var random = '{{{randomlength}}}' // Random length string for BREACH mitigation
|
||||
var recFile = null;
|
||||
var recFilePtr = 0;
|
||||
var recFileStartTime = 0;
|
||||
|
|
|
|||
|
|
@ -737,6 +737,7 @@
|
|||
<iframe name="fileUploadFrame" style=display:none></iframe>
|
||||
<script>
|
||||
'use strict';
|
||||
var random = '{{{randomlength}}}' // Random length string for BREACH mitigation
|
||||
var args = parseUriArgs();
|
||||
var urlargs = args;
|
||||
var sessionTime = parseInt('{{{sessiontime}}}');
|
||||
|
|
|
|||
|
|
@ -283,6 +283,7 @@
|
|||
</div>
|
||||
</div>
|
||||
<script>
|
||||
var random = '{{{randomlength}}}' // Random length string for BREACH mitigation
|
||||
var sessionActivity = null;
|
||||
var desktop = null;
|
||||
var agentPresent = true;
|
||||
|
|
|
|||
|
|
@ -68,6 +68,7 @@
|
|||
</div>
|
||||
</div>
|
||||
<script>
|
||||
var random = '{{{randomlength}}}' // Random length string for BREACH mitigation
|
||||
var term = null;
|
||||
var termfit = null;
|
||||
var resizeTimer = null;
|
||||
|
|
|
|||
|
|
@ -161,6 +161,7 @@
|
|||
</div>
|
||||
<script>
|
||||
'use strict';
|
||||
var random = '{{{randomlength}}}' // Random length string for BREACH mitigation
|
||||
var uiMode = parseInt(getstore('uiMode', 1));
|
||||
var webPageStackMenu = false;
|
||||
var webPageFullScreen = true;
|
||||
|
|
|
|||
|
|
@ -80,6 +80,7 @@
|
|||
</div>
|
||||
</div>
|
||||
<script>
|
||||
var random = '{{{randomlength}}}' // Random length string for BREACH mitigation
|
||||
var term = null;
|
||||
var termfit = null;
|
||||
var tunnel = null;
|
||||
|
|
|
|||
|
|
@ -7696,6 +7696,10 @@ module.exports.CreateWebServer = function (parent, db, args, certificates, doneF
|
|||
xargs.domainurl = domain.url;
|
||||
xargs.autocomplete = (domain.autocomplete === false)?'x':'autocomplete'; // This option allows autocomplete to be turned off on the login page.
|
||||
if (typeof domain.hide == 'number') { xargs.hide = domain.hide; }
|
||||
|
||||
// To mitigate any possible BREACH attack, we generate a random length string here.
|
||||
xargs.randomlength = (args.webpagelengthrandomization !== false) ? parent.crypto.randomBytes(parent.crypto.randomInt(0, 256)).toString('base64') : '';
|
||||
|
||||
return xargs;
|
||||
}
|
||||
|
||||
|
|
|
|||
Loading…
Reference in New Issue