Vulnerability
|
SecretKey key = new SecretKeySpec(padForAES256(secret), 0, 32, 'AES') |
|
Cipher cipher = Cipher.getInstance('AES/CBC/PKCS5Padding') |
|
cipher.init(Cipher.ENCRYPT_MODE, key, new IvParameterSpec(b_iv)) |
|
SecretKey key = new SecretKeySpec(padForAES256(secret), 0, 32, 'AES') |
|
Cipher cipher = Cipher.getInstance('AES/CBC/PKCS5Padding') |
|
cipher.init(Cipher.DECRYPT_MODE, key, new IvParameterSpec(b_iv)) |
AES/CBC/PKCS5Padding lacks authentication, making it vulnerable to padding oracle attacks and ciphertext manipulation.
Impact
Severity is considered low for internal uses of this library but if there's any consumer using these methods directly then this is considered critical.
Unlikely to matter due to the design of how AES-256-CBC is used in conjunction with RSA and SHA-256 checksum within Jervis.
Jervis uses RSA to encrypt AES keys and a SHA-256 checksum of the encrypted data in local-only storage inaccessible from the web. After asymmetric decryption and before symmetric decryption, a SHA-256 checksum is performed on the metadata and encrypted data. All encrypted data is discarded if the checksum does not match without attempting to decrypt since the encrypted data is assumed invalid. The data stored is GitHub App authentication tokens which will expire within one hour.
Patches
Jervis patch will migrate from AES/CBC/PKCS5Padding to AES/GCM/NoPadding.
Upgrade to Jervis 2.2.
Workarounds
None
References
Vulnerability
jervis/src/main/groovy/net/gleske/jervis/tools/SecurityIO.groovy
Lines 682 to 684 in 157d2b6
jervis/src/main/groovy/net/gleske/jervis/tools/SecurityIO.groovy
Lines 720 to 722 in 157d2b6
AES/CBC/PKCS5Paddinglacks authentication, making it vulnerable to padding oracle attacks and ciphertext manipulation.Impact
Severity is considered low for internal uses of this library but if there's any consumer using these methods directly then this is considered critical.
Unlikely to matter due to the design of how AES-256-CBC is used in conjunction with RSA and SHA-256 checksum within Jervis.
Jervis uses RSA to encrypt AES keys and a SHA-256 checksum of the encrypted data in local-only storage inaccessible from the web. After asymmetric decryption and before symmetric decryption, a SHA-256 checksum is performed on the metadata and encrypted data. All encrypted data is discarded if the checksum does not match without attempting to decrypt since the encrypted data is assumed invalid. The data stored is GitHub App authentication tokens which will expire within one hour.
Patches
Jervis patch will migrate from
AES/CBC/PKCS5PaddingtoAES/GCM/NoPadding.Upgrade to Jervis 2.2.
Workarounds
None
References