On 14 September 2010 10:01, Damian Maclennan <[email protected]> wrote:

> ouch. That could get ugly.
>
> However, there's one fairly eyebrow raising line in there :
>
>  "The attack allows someone to decrypt sniffed cookies, which could
> contain valuable data such as bank balances, Social Security numbers
> or crypto keys"
>
> If you're putting that sort of info into a cookie, you're probably doing it
> wrong. However if this exploit let you jump in on an authenticated session,
> then it could cause trouble.
>
>
>
The cookie might have the hashed result of an SSN.  Shouldn't, but might.


>
> On Tue, Sep 14, 2010 at 9:18 AM, silky <[email protected]> wrote:
>
>> FYI, there don't appear to be any details (yet), but it is suggestive
>> of the general comments that you shouldn't really report cryptographic
>> mistakes in a deterministic way. As to how to mitigate it
>> specifically, hopefully there will be some comments soon.
>>
>>
>> ---------- Forwarded message ----------
>> From: =JeffH <[email protected]>
>> Date: Tue, Sep 14, 2010 at 7:34 AM
>> Subject: 'Padding Oracle' Crypto Attack Affects Millions of ASP.NET Apps
>> To: [email protected]
>>
>>
>> practical "Padding Oracle Attacks" (cf travis' msg "padding attack vs.
>> PKCS7" of Thu, 11 Jun 2009 11:37:16 -0500)...
>>
>>
>> 'Padding Oracle' Crypto Attack Affects Millions of ASP.NET Apps
>> <
>> http://threatpost.com/en_us/blogs/new-crypto-attack-affects-millions-aspnet-apps-091310#
>> >
>> by Dennis Fisher
>> September 13, 2010, 7:58AM
>>
>> A pair of security researchers have implemented an attack that
>> exploits the way that ASP.NET Web applications handle encrypted
>> session cookies, a weakness that could enable an attacker to hijack
>> users' online banking sessions and cause other severe problems in
>> vulnerable applications. Experts say that the bug, which will be
>> discussed in detail at the Ekoparty conference in Argentina this week
>> [0], affects millions of Web applications.
>>
>> The problem lies in the way that ASP.NET, Microsoft's popular Web
>> framework, implements the AES encryption algorithm to protect the
>> integrity of the cookies these applications generate to store
>> information during user sessions. A common mistake is to assume that
>> encryption protects the cookies from tampering so that if any data in
>> the cookie is modified, the cookie will not decrypt correctly.
>> However, there are a lot of ways to make mistakes in crypto
>> implementations, and when crypto breaks, it usually breaks badly.
>>
>> "We knew ASP.NET was vulnerable to our attack several months ago, but
>> we didn't know how serious it is until a couple of weeks ago. It turns
>> out that the vulnerability in ASP.NET is the most critical amongst
>> other frameworks. In short, it totally destroys ASP.NET security,"
>> said Thai Duong, who along with Juliano Rizzo, developed the attack
>> against ASP.NET.
>>
>> The pair have developed a tool specifically for use in this attack,
>> called the Padding Oracle Exploit Tool [1]. Their attack is an
>> application of a technique that's been known since at least 2002, when
>> Serge Vaudenay presented a paper at on the topic at Eurocrypt [2].
>>
>>
>> In this case, ASP.NET's implementation of AES has a bug in the way
>> that it deals with errors when the encrypted data in a cookie has been
>> modified. If the ciphertext has been changed, the vulnerable
>> application will generate an error, which will give an attacker some
>> information about the way that the application's decryption process
>> works. More errors means more data. And looking at enough of those
>> errors can give the attacker enough data to make the number of bytes
>> that he needs to guess to find the encryption key small enough that
>> it's actually possible.
>>
>> The attack allows someone to decrypt sniffed cookies, which could
>> contain valuable data such as bank balances, Social Security numbers
>> or crypto keys. The attacker may also be able to create authentication
>> tickets for a vulnerable Web app and abuse other processes that use
>> the application's crypto API.
>>
>> Rizzo and Duong did similar work earlier this year on JavaServer Faces
>> and other Web frameworks that was presented at Black Hat Europe [3].
>> They continued their research and found that ASP.NET was vulnerable to
>> the same kind of attack. The type of attack is known as a padding
>> oracle attack and it relies on the Web application using cipher-block
>> chaining mode for its encryption, which many apps do.
>>
>> <snip/>
>>
>> [0] http://ekoparty.org/juliano-rizzo-2010.php
>>
>> [1] Practical Padding Oracle Attacks
>>    http://netifera.com/research/
>>
>> [2] http://www.iacr.org/archive/eurocrypt2002/23320530/cbc02_e02d.pdf
>>
>> [3] <
>> http://netifera.com/research/poet/BlackHat-EU-2010-Duong-Rizzo-Padding-Oracle-wp.pdf
>> >
>>
>>
>> ---
>> end
>>
>>
>> ---------------------------------------------------------------------
>> The Cryptography Mailing List
>> Unsubscribe by sending "unsubscribe cryptography" to
>> [email protected]
>>
>>
>>
>> --
>> silky
>>
>> http://dnoondt.wordpress.com/
>>
>> "Every morning when I wake up, I experience an exquisite joy — the joy
>> of being this signature."
>>
>
>


-- 
Meski

"Going to Starbucks for coffee is like going to prison for sex. Sure, you'll
get it, but it's going to be rough" - Adam Hills

Reply via email to