java.lang.security.audit.cbc-padding-oracle.cbc-padding-oracle


Using CBC with PKCS5Padding is susceptible to padding oracle attacks. A malicious actor could discern the difference between plaintext with valid or invalid padding. Further, CBC mode does not include any integrity checks. Use 'AES/GCM/NoPadding' instead.


Definition

rules:
  - id: cbc-padding-oracle
    message: Using CBC with PKCS5Padding is susceptible to padding oracle attacks. A
      malicious actor could discern the difference between plaintext with valid
      or invalid padding. Further, CBC mode does not include any integrity
      checks. Use 'AES/GCM/NoPadding' instead.
    metadata:
      cwe:
        - "CWE-327: Use of a Broken or Risky Cryptographic Algorithm"
      owasp:
        - A03:2017 - Sensitive Data Exposure
        - A02:2021 - Cryptographic Failures
      source-rule-url: https://find-sec-bugs.github.io/bugs.htm#PADDING_ORACLE
      references:
        - https://capec.mitre.org/data/definitions/463.html
        - https://cheatsheetseries.owasp.org/cheatsheets/Cryptographic_Storage_Cheat_Sheet.html#cipher-modes
        - https://find-sec-bugs.github.io/bugs.htm#CIPHER_INTEGRITY
      category: security
      technology:
        - java
      subcategory:
        - audit
      likelihood: HIGH
      impact: MEDIUM
      confidence: HIGH
      license: Commons Clause License Condition v1.0[LGPL-2.1-only]
      vulnerability_class:
        - Cryptographic Issues
    severity: WARNING
    # The autofix rewrites only the matched transformation string literal. The
    # Cipher.init(...) call that follows is not touched by it: GCM expects a
    # GCMParameterSpec (not a CBC IvParameterSpec) and a nonce that is never
    # reused under the same key, so an applied fix still needs manual review.
    fix: |
      "AES/GCM/NoPadding"
    languages:
      - java
    # Match scope: pattern-inside limits the search to the argument of
    # Cipher.getInstance(...); pattern then selects the string literal itself
    # (which is why the fix replaces just the literal). The regex accepts any
    # algorithm prefix before "/CBC/PKCS5Padding". It is a literal,
    # case-sensitive match on a string constant, so a transformation built at
    # runtime, a differently cased spelling, or a padding name such as
    # "PKCS7Padding" (accepted by some providers) is not reported by this rule.
    patterns:
      - pattern-inside: Cipher.getInstance("=~/.*\/CBC\/PKCS5Padding/")
      - pattern: |
          "=~/.*\/CBC\/PKCS5Padding/"

Examples

cbc-padding-oracle.java

package servlets;

import java.io.File;
import java.io.IOException;
import java.io.PrintWriter;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

/**
 * Semgrep test fixture for the {@code cbc-padding-oracle} rule: one method that
 * must be reported and one that must not. The {@code // ruleid:} and
 * {@code // ok:} lines are test annotations that apply to the line directly
 * below them, so they must stay adjacent to the {@code Cipher.getInstance} calls.
 *
 * NOTE(review): this fixture is not meant to compile on its own. {@code Cipher}
 * (javax.crypto), the unqualified {@code Logger}, {@code Register}, {@code k},
 * {@code iv} and {@code plainText} are neither imported nor declared here.
 */
public class Cls extends HttpServlet
{
    // Not used by either method below; Logger and Register are not in scope in this file.
    private static org.apache.log4j.Logger log = Logger.getLogger(Register.class);

    // cf. https://find-sec-bugs.github.io/bugs.htm#TDES_USAGE
    // (the anchor this rule actually cites is
    // https://find-sec-bugs.github.io/bugs.htm#PADDING_ORACLE)
    /**
     * Must be flagged: AES in CBC mode with PKCS5 padding carries no integrity
     * check, so any receiver that reveals whether the padding was valid acts as
     * a padding oracle (see the rule message).
     */
    protected void danger(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
        // ruleid:cbc-padding-oracle
        Cipher c = Cipher.getInstance("AES/CBC/PKCS5Padding");
        c.init(Cipher.ENCRYPT_MODE, k, iv);
        byte[] cipherText = c.doFinal(plainText);
    }

    /**
     * Must not be flagged: this is the transformation the rule's autofix
     * produces. Only the transformation string is checked by the rule; the
     * parameter object passed to {@code init} is not. For GCM that object must
     * be a {@code GCMParameterSpec}, and its nonce must never repeat under the
     * same key, so the {@code iv} reused here from the CBC example is only
     * placeholder fixture data, not a pattern to copy.
     */
    protected void ok(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
        // ok:cbc-padding-oracle
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, k, iv);
        byte[] cipherText = c.doFinal(plainText);
    }
}