Detailedseverity: HighDraft

CAPEC-463Padding Oracle Crypto Attack

Abstraction
Detailed
Status
Draft
Severity
High

Description

An adversary is able to efficiently decrypt data without knowing the decryption key if a target system leaks data on whether or not a padding error happened while decrypting the ciphertext. A target system that leaks this type of information becomes the padding oracle and an adversary is able to make use of that oracle to efficiently decrypt data without knowing the decryption key by issuing on average 128*b calls to the padding oracle (where b is the number of bytes in the ciphertext block). In addition to performing decryption, an adversary is also able to produce valid ciphertexts (i.e., perform encryption) by using the padding oracle, all without knowing the encryption key.

Related weaknesses· 6

CWE-209CWE-514CWE-649CWE-347CWE-354CWE-696

Related attack patterns· 1

CAPEC-97 (ChildOf)

Exploits6

TypeTargetConfidenceTier
WeaknessGeneration of Error Message Containing Sensitive Informationcwe-209100%live
WeaknessImproper Validation of Integrity Check Valuecwe-354100%live
WeaknessReliance on Obfuscation or Encryption of Security-Relevant Inputs without Integrity Checkingcwe-649100%live
WeaknessImproper Verification of Cryptographic Signaturecwe-347100%live
WeaknessCovert Channelcwe-514100%live
WeaknessIncorrect Behavior Ordercwe-696100%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CAPEC
Encryption Brute Forcing
CAPEC
Cryptanalysis
CAPEC
Web Services API Signature Forgery Leveraging Hash Function Extension Weakness
CAPEC
Brute Force
CAPEC
Signature Spoofing by Key Recreation
CAPEC
Signature Spoofing by Improper Validation
Sourced from MITRE CAPEC. Curated by Adam Lundqvist, SQUR.