Ethereum RLPx Protocol AES CTR Stream Reuse Vulnerability Allowing Decryption on Private Networks

A vulnerability exists in the Ethereum RLPx protocol, specifically in version 5, where two AES CTR streams are generated from the same key, initialization vector (IV), and nonce. This flaw allows for a man-in-the-middle attack, where an attacker who knows one plaintext can decrypt other plaintexts encrypted with the reused keystream. This issue is particularly concerning on private networks, where the impact could be more pronounced.

Impact

Exploitation of this vulnerability could lead to unauthorized decryption of encrypted messages, allowing interception and reading of private communications.

Reproduction

The vulnerability can be reproduced by establishing an RLPx connection on a private Ethereum network. During the connection, two AES CTR streams will be created from the same key, nonce, and IV. If an attacker intercepts one plaintext message, they can use this knowledge to decrypt other messages that have been encrypted with the same, now compromised, keystream.

Remediation

Users can update to the patched version of the Go Ethereum client, which includes a fix for this vulnerability. Instructions for updating can be found in the Go Ethereum repository.