You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@shiro.apache.org by "leepanda (Jira)" <ji...@apache.org> on 2019/10/23 13:56:00 UTC

[jira] [Comment Edited] (SHIRO-721) RememberMe Padding Oracle Vulnerability

    [ https://issues.apache.org/jira/browse/SHIRO-721?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16957883#comment-16957883 ] 

leepanda edited comment on SHIRO-721 at 10/23/19 1:55 PM:
----------------------------------------------------------

emmmm...Shiro encrypt cookie with aes-128-cbc mode which len of iv is 16.

"Attackers can use a vaild rememberMe cookie as the {color:#ff0000}prefix{color} for the Padding Oracle Attack"

But vaild rememberMe cookie is too long to the IV.

i can't get how to use the rememberMe cookie as the prefix for POA attack....


was (Author: leepanda):
emmmm...Shiro encrypt cookie with aes-128-cbc mode which len of iv is 16.

"Attackers can use a vaild rememberMe cookie as the {color:#ff0000}prefix{color} for the Padding Oracle Attack"

But vaild rememberMe cookie is too len to the IV.

i can't get how to use the rememberMe cookie as the prefix for POA attack....

> RememberMe Padding Oracle Vulnerability
> ---------------------------------------
>
>                 Key: SHIRO-721
>                 URL: https://issues.apache.org/jira/browse/SHIRO-721
>             Project: Shiro
>          Issue Type: Bug
>          Components: RememberMe
>    Affects Versions: 1.2.5, 1.2.6, 1.3.0, 1.3.1, 1.3.2, 1.4.0-RC2, 1.4.0, 1.4.1
>            Reporter: loopx9
>            Priority: Critical
>              Labels: java-deserialization, padding-oracle-attack, security
>   Original Estimate: 504h
>  Remaining Estimate: 504h
>
> The cookie {color:#ff0000}rememberMe {color}is encrypted by AES-128-CBC mode, and this can be vulnerable to padding oracle attacks. Attackers can use a vaild rememberMe cookie as the {color:#ff0000}prefix{color} for the Padding Oracle Attack,then make a crafted rememberMe to perform the java deserilization attack like SHIRO-550.
> Steps to reproduce this issue:
>  # Login in the website and get the rememberMe from the cookie.
>  # Use the rememberMe cookie as the prefix for Padding Oracle Attack.
>  # Encrypt a ysoserial's serialization payload to make a crafted rememberMe via Padding Oracle Attack.
>  # Request the website with the new rememberMe cookie, to perform the deserialization attack.
> The attacker doesn't need to know the cipher key of the rememberMe encryption.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)