java.lang.security.audit.cbc-padding-oracle.cbc-padding-oracle
Using CBC with PKCS5Padding is susceptible to padding oracle attacks. A malicious actor could discern the difference between plaintext with valid or invalid padding. Further, CBC mode does not include any integrity checks. Use 'AES/GCM/NoPadding' instead.
Definition
# Semgrep rule: flags Java Cipher transformations of the form "<alg>/CBC/PKCS5Padding".
# CBC with PKCS5 padding and no MAC lets a decrypting party distinguish valid from
# invalid padding (padding oracle), and CBC provides no integrity check at all.
rules:
- id: cbc-padding-oracle
  message: Using CBC with PKCS5Padding is susceptible to padding oracle attacks. A
    malicious actor could discern the difference between plaintext with valid
    or invalid padding. Further, CBC mode does not include any integrity
    checks. Use 'AES/GCM/NoPadding' instead.
  metadata:
    cwe:
    - "CWE-327: Use of a Broken or Risky Cryptographic Algorithm"
    owasp:
    - A03:2017 - Sensitive Data Exposure
    - A02:2021 - Cryptographic Failures
    # Upstream check this rule is ported from (Find Security Bugs PADDING_ORACLE).
    source-rule-url: https://find-sec-bugs.github.io/bugs.htm#PADDING_ORACLE
    references:
    - https://capec.mitre.org/data/definitions/463.html
    - https://cheatsheetseries.owasp.org/cheatsheets/Cryptographic_Storage_Cheat_Sheet.html#cipher-modes
    - https://find-sec-bugs.github.io/bugs.htm#CIPHER_INTEGRITY
    category: security
    technology:
    - java
    subcategory:
    - audit
    likelihood: HIGH
    impact: MEDIUM
    confidence: HIGH
    license: Commons Clause License Condition v1.0[LGPL-2.1-only]
    vulnerability_class:
    - Cryptographic Issues
  severity: WARNING
  # Autofix replaces only the matched transformation string literal. The accompanying
  # Cipher.init(...) call is left untouched, so the IV/parameter argument still has to be
  # changed by hand to a GCMParameterSpec with a nonce that is unique per key.
  fix: |
    "AES/GCM/NoPadding"
  languages:
  - java
  # The outer pattern restricts matches to string arguments of Cipher.getInstance; the
  # inner pattern binds the literal itself so the fix rewrites just that literal.
  # Only a literal ending in "/CBC/PKCS5Padding" is matched: a transformation string
  # assembled at runtime, or one spelled with a different padding name, is not reported.
  patterns:
  - pattern-inside: Cipher.getInstance("=~/.*\/CBC\/PKCS5Padding/")
  - pattern: |
      "=~/.*\/CBC\/PKCS5Padding/"
Examples
cbc-padding-oracle.java
package servlets;
import java.io.File;
import java.io.IOException;
import java.io.PrintWriter;
import java.security.GeneralSecurityException;
import javax.crypto.Cipher;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
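/**
 * Semgrep test fixture for the {@code cbc-padding-oracle} rule.
 *
 * <p>The {@code // ruleid:} and {@code // ok:} comments are consumed by Semgrep's test
 * harness: the line after {@code // ruleid:} must be reported, the line after
 * {@code // ok:} must not. Keep each marker directly above its {@code Cipher.getInstance}
 * call. The identifiers {@code k}, {@code iv} and {@code plainText} are not declared in
 * this fixture; they stand in for the key, parameter spec and input that a real servlet
 * would obtain elsewhere.
 */
public class Cls extends HttpServlet
{
    // The original line referenced an undeclared Register class and an unimported Logger;
    // it now names this class and the same fully-qualified Logger type as the field.
    private static final org.apache.log4j.Logger log = org.apache.log4j.Logger.getLogger(Cls.class);

    // cf. https://find-sec-bugs.github.io/bugs.htm#PADDING_ORACLE

    /**
     * Negative case: AES in CBC mode with PKCS5 padding and no integrity protection.
     *
     * <p>A receiver that decrypts this ciphertext can be made to reveal whether the padding
     * was valid, and CBC itself does not detect tampering, which is why the rule flags the
     * transformation string.
     *
     * @param req  servlet request (unused by the fixture)
     * @param resp servlet response (unused by the fixture)
     * @throws ServletException if the cipher cannot be created, initialised or run; the
     *         underlying {@link GeneralSecurityException} is kept as the cause
     * @throws IOException declared for parity with servlet handler signatures
     */
    protected void danger(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
        try {
            // ruleid:cbc-padding-oracle
            Cipher c = Cipher.getInstance("AES/CBC/PKCS5Padding");
            c.init(Cipher.ENCRYPT_MODE, k, iv);
            // Result deliberately unused: the fixture only exercises the getInstance call.
            byte[] cipherText = c.doFinal(plainText);
        } catch (GeneralSecurityException e) {
            // Checked crypto exceptions are wrapped so the handler keeps the signature a
            // servlet container expects; the cause is preserved for diagnostics.
            throw new ServletException("cipher operation failed", e);
        }
    }

    /**
     * Positive case: AES-GCM, an authenticated mode whose tag detects tampering and which
     * uses no padding, so there is no padding oracle to exploit.
     *
     * <p>NOTE(review): for GCM the argument passed as {@code iv} must be a
     * {@code GCMParameterSpec}, and the nonce must never be reused under the same key; the
     * fixture does not show where {@code iv} comes from, so confirm that at the call site.
     *
     * @param req  servlet request (unused by the fixture)
     * @param resp servlet response (unused by the fixture)
     * @throws ServletException if the cipher cannot be created, initialised or run; the
     *         underlying {@link GeneralSecurityException} is kept as the cause
     * @throws IOException declared for parity with servlet handler signatures
     */
    protected void ok(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
        try {
            // ok:cbc-padding-oracle
            Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
            c.init(Cipher.ENCRYPT_MODE, k, iv);
            // Result deliberately unused: the fixture only exercises the getInstance call.
            byte[] cipherText = c.doFinal(plainText);
        } catch (GeneralSecurityException e) {
            throw new ServletException("cipher operation failed", e);
        }
    }
}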