CAPEC-463

Padding Oracle Crypto Attack
High
Draft
2014-06-23 00h00 +00:00
2022-02-22 00h00 +00:00

CAPEC Description

An adversary is able to efficiently decrypt data without knowing the decryption key if a target system leaks data on whether or not a padding error happened while decrypting the ciphertext. A target system that leaks this type of information becomes the padding oracle and an adversary is able to make use of that oracle to efficiently decrypt data without knowing the decryption key by issuing on average 128*b calls to the padding oracle (where b is the number of bytes in the ciphertext block). In addition to performing decryption, an adversary is also able to produce valid ciphertexts (i.e., perform encryption) by using the padding oracle, all without knowing the encryption key.

CAPEC Information

Prerequisites

The decryption routine does not properly authenticate the message / does not verify its integrity prior to performing the decryption operation.
The target system leaks data (in some way) on whether a padding error has occurred when attempting to decrypt the ciphertext.
The padding oracle remains available for enough time / for as many requests as needed for the adversary to decrypt the ciphertext.

Required Resources

Mitigations

Design: Use a message authentication code (MAC) or another mechanism to verify message authenticity / integrity prior to decryption.
Implementation: Do not leak information back to the user about any cryptographic error (e.g., a padding error) encountered during decryption.
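The two mitigations above, as an added example that is not part of the CAPEC entry or of MITRE's material: a decryption routine that exposes the oracle (decrypt first, let the padding failure escape) beside one that verifies an HMAC over the whole ciphertext before decrypting and collapses every failure into one uninformative error. The block cipher is a constructed XOR stand-in for AES so the code runs on the Python standard library alone; the keys, message and IV are constructed values, and `vulnerable_decrypt`, `hardened_decrypt` and `demo` are names chosen for this example.

```python
import hashlib
import hmac
import os

BLOCK = 16     # block size in bytes (same as AES)
TAG_LEN = 32   # HMAC-SHA256 output length


class PaddingError(Exception):
    """Raised by the unpadding step; if it reaches a caller, it is the oracle."""


class DecryptionError(Exception):
    """The single, uninformative failure raised by the hardened routine."""


def _toy_block(key: bytes, block: bytes) -> bytes:
    # Constructed stand-in for a block cipher: XOR with a key-derived block.
    # Invertible (XOR is its own inverse) but offers no security at all; it only
    # lets the CBC and padding logic run without a third-party AES library.
    k = hashlib.sha256(b"toy-block-cipher|" + key).digest()[:BLOCK]
    return bytes(a ^ b for a, b in zip(block, k))


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def pkcs7_pad(data: bytes) -> bytes:
    n = BLOCK - (len(data) % BLOCK)
    return data + bytes([n]) * n


def pkcs7_unpad(data: bytes) -> bytes:
    if not data or len(data) % BLOCK:
        raise PaddingError("bad length")
    n = data[-1]
    if n < 1 or n > BLOCK or data[-n:] != bytes([n]) * n:
        raise PaddingError("bad padding")
    return data[:-n]


def cbc_encrypt(key: bytes, plaintext: bytes, iv: bytes = b"") -> bytes:
    """CBC over the toy block function; returns iv || ciphertext."""
    iv = iv or os.urandom(BLOCK)
    padded = pkcs7_pad(plaintext)
    out, prev = [], iv
    for i in range(0, len(padded), BLOCK):
        prev = _toy_block(key, _xor(padded[i:i + BLOCK], prev))
        out.append(prev)
    return iv + b"".join(out)


def cbc_decrypt_raw(key: bytes, iv: bytes, ct: bytes) -> bytes:
    """CBC decryption without unpadding; returns the padded plaintext."""
    out, prev = [], iv
    for i in range(0, len(ct), BLOCK):
        c = ct[i:i + BLOCK]
        out.append(_xor(_toy_block(key, c), prev))
        prev = c
    return b"".join(out)


def vulnerable_decrypt(enc_key: bytes, blob: bytes) -> bytes:
    # No integrity check, and PaddingError propagates: the caller (or a remote
    # peer) can tell "bad padding" apart from "decrypted fine".
    return pkcs7_unpad(cbc_decrypt_raw(enc_key, blob[:BLOCK], blob[BLOCK:]))


def hardened_encrypt(enc_key: bytes, mac_key: bytes, plaintext: bytes, iv: bytes = b"") -> bytes:
    """Encrypt-then-MAC: the tag covers iv || ciphertext under a separate key."""
    body = cbc_encrypt(enc_key, plaintext, iv)
    return body + hmac.new(mac_key, body, hashlib.sha256).digest()


def hardened_decrypt(enc_key: bytes, mac_key: bytes, blob: bytes) -> bytes:
    # Design mitigation: authenticate before any decryption happens.
    # Implementation mitigation: length, tag and padding failures all surface
    # as the same exception with the same message.
    if len(blob) < 2 * BLOCK + TAG_LEN or (len(blob) - TAG_LEN) % BLOCK:
        raise DecryptionError("invalid message")
    body, tag = blob[:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(mac_key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):  # constant-time comparison
        raise DecryptionError("invalid message")
    try:
        return pkcs7_unpad(cbc_decrypt_raw(enc_key, body[:BLOCK], body[BLOCK:]))
    except PaddingError:
        raise DecryptionError("invalid message") from None


def outcome(fn, *args) -> str:
    """What an observer sees from a call: 'ok' or the exception class name."""
    try:
        fn(*args)
        return "ok"
    except Exception as exc:
        return type(exc).__name__


def demo() -> dict:
    # Constructed keys, message and IV so the run is deterministic.
    enc_key, mac_key = b"constructed-enc-key", b"constructed-mac-key"
    msg = b"attack at 5"          # 11 bytes: one block with five 0x05 pad bytes
    iv = bytes(range(BLOCK))
    plain_blob = cbc_encrypt(enc_key, msg, iv)
    auth_blob = hardened_encrypt(enc_key, mac_key, msg, iv)
    results = {"vulnerable": [], "hardened": []}
    # Two one-byte changes to the IV's last byte alter only the last plaintext
    # byte (0x05 -> 0x04, invalid padding; 0x05 -> 0x01, valid padding). The
    # vulnerable routine reports them differently; the hardened one does not.
    for mask in (0x01, 0x04):
        t1 = bytearray(plain_blob); t1[BLOCK - 1] ^= mask
        t2 = bytearray(auth_blob);  t2[BLOCK - 1] ^= mask
        results["vulnerable"].append(outcome(vulnerable_decrypt, enc_key, bytes(t1)))
        results["hardened"].append(outcome(hardened_decrypt, enc_key, mac_key, bytes(t2)))
    return results
```

Running `demo()` returns `{'vulnerable': ['PaddingError', 'ok'], 'hardened': ['DecryptionError', 'DecryptionError']}`: the unauthenticated routine exposes two distinguishable outcomes for two modified ciphertexts, which is the leak the entry describes, while the hardened routine rejects both before any block is decrypted and gives the observer nothing to correlate with the padding. In a real service the same uniformity has to extend to response timing and logging, not only to the exception type.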

Related Weaknesses

CWE-ID   Weakness Name

CWE-209  Generation of Error Message Containing Sensitive Information
         The product generates an error message that includes sensitive information about its environment, users, or associated data.

CWE-514  Covert Channel
         A covert channel is a path that can be used to transfer information in a way not intended by the system's designers.

CWE-649  Reliance on Obfuscation or Encryption of Security-Relevant Inputs without Integrity Checking
         The product uses obfuscation or encryption of inputs that should not be mutable by an external actor, but the product does not use integrity checks to detect if those inputs have been modified.

CWE-347  Improper Verification of Cryptographic Signature
         The product does not verify, or incorrectly verifies, the cryptographic signature for data.

CWE-354  Improper Validation of Integrity Check Value
         The product does not validate or incorrectly validates the integrity check values or "checksums" of a message. This may prevent it from detecting if the data has been modified or corrupted in transmission.

CWE-696  Incorrect Behavior Order
         The product performs multiple related behaviors, but the behaviors are performed in the wrong order in ways that may produce resultant weaknesses.

References

REF-400  Juliano Rizzo, Thai Duong. Practical Padding Oracle Attacks.
         https://www.usenix.org/legacy/events/woot10/tech/full_papers/Rizzo.pdf

Submission

Name                | Organization          | Date              | Release Date
CAPEC Content Team  | The MITRE Corporation | 2014-06-23 +00:00 |

Modifications

Name                | Organization          | Date              | Comment
CAPEC Content Team  | The MITRE Corporation | 2017-08-04 +00:00 | Updated Attack_Prerequisites, Description Summary
CAPEC Content Team  | The MITRE Corporation | 2018-07-31 +00:00 | Updated References
CAPEC Content Team  | The MITRE Corporation | 2020-07-30 +00:00 | Updated Related_Attack_Patterns
CAPEC Content Team  | The MITRE Corporation | 2020-12-17 +00:00 | Updated Description, Example_Instances, Mitigations
CAPEC Content Team  | The MITRE Corporation | 2022-02-22 +00:00 | Updated Description, Extended_Description