AWS SDK for C++ S3 Encryption Client Key Commitment Vulnerability

Vulnerability

The S3 Encryption Client in the AWS SDK for C++, in versions through 1.11.711, does not provide cryptographic key commitment: nothing in a stored message binds the ciphertext to the one data key that produced it. In the client's authenticated-encryption modes the content cipher is AES-GCM, which is not key-committing, so a single ciphertext can be made to pass authentication under more than one key (the 'Invisible Salamanders' attack). A user with write access to the S3 bucket can exploit this by replacing the encrypted data key (EDK) with a rogue EDK; when a legitimate reader unwraps the rogue EDK and decrypts, the object decrypts, without any authentication error, to plaintext the attacker influenced rather than the data that was stored. The exposure is greatest when the EDK is kept in a separate 'Instruction File' object rather than in the S3 object's metadata, because that object can be rewritten on its own.

Impact

Without key commitment, a ciphertext that verifies under a rogue EDK decrypts cleanly, so the application receives attacker-chosen content and has no signal that a substitution took place. An attacker with write access can therefore swap legitimate EDKs for rogue ones so that later reads return manipulated or incorrect data. This is an integrity and authenticity failure rather than a confidentiality break: the attack does not by itself recover the original plaintext, but it defeats the guarantee that data which decrypts successfully is the data that was written.

Remediation

Upgrade the AWS SDK for C++ to version 1.11.712 or later. That release adds key commitment to the S3 Encryption Client by cryptographically binding the EDK to the ciphertext, so a message decrypts only under the data key it was written with; the fixed client both reads and writes messages carrying key commitment. Objects written by earlier versions carry no commitment and remain exposed until they are re-encrypted with the fixed client, so plan a re-encryption pass and not only a library bump. Until that is complete, restricting write access to the bucket, and to any instruction-file objects, to trusted principals limits who can plant a rogue EDK. Upgrade instructions are in the AWS SDK for C++ GitHub repository.
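The two points above, that an AES-GCM ciphertext can authenticate under two different keys and that a key-commitment check stops this, as an added example that is not code from the AWS SDK for C++ or from AWS. AES itself is replaced by a SHA-256 based stand-in for the block cipher's forward direction (an assumption of this example: GCM only ever uses that direction, and the collision depends on GHASH's algebra, not on the block cipher). The GF(2^128) arithmetic is GHASH's own. The `commitment` construction (an HMAC of a fixed label under the data key) is illustrative and is not the SDK's wire format; all function names are mine.

```python
import hashlib
import hmac
import os

R = 0xE1 << 120   # GCM reduction constant: x^128 + x^7 + x^2 + x + 1 in GHASH's reflected bit order
ONE = 1 << 127    # multiplicative identity in that representation

def gf_mul(x: int, y: int) -> int:
    """GF(2^128) multiplication exactly as GHASH does it (NIST SP 800-38D, Algorithm 1)."""
    z, v = 0, x
    for i in range(128):
        if (y >> (127 - i)) & 1:
            z ^= v
        v = (v >> 1) ^ R if v & 1 else v >> 1
    return z

def gf_inv(x: int) -> int:
    """x^-1 = x^(2^128 - 2), by square-and-multiply."""
    result, base, e = ONE, x, (1 << 128) - 2
    while e:
        if e & 1:
            result = gf_mul(result, base)
        base = gf_mul(base, base)
        e >>= 1
    return result

def block_fn(key: bytes, block: bytes) -> bytes:
    """Stand-in for AES-128's forward direction (assumption: any keyed 16-byte function will do)."""
    return hashlib.sha256(key + block).digest()[:16]

def keystream(key: bytes, nonce: bytes, nbytes: int) -> bytes:
    """CTR keystream from counter blocks nonce||2, nonce||3, ...; J0 = nonce||1 is reserved for the tag."""
    out, ctr = b"", 2
    while len(out) < nbytes:
        out += block_fn(key, nonce + ctr.to_bytes(4, "big"))
        ctr += 1
    return out[:nbytes]

def gcm_tag(key: bytes, nonce: bytes, ct: bytes) -> int:
    """GHASH over the ciphertext blocks plus the length block, masked with E_K(J0). No AAD."""
    h = int.from_bytes(block_fn(key, bytes(16)), "big")
    data = ct + bytes(-len(ct) % 16) + (0).to_bytes(8, "big") + (8 * len(ct)).to_bytes(8, "big")
    y = 0
    for i in range(0, len(data), 16):
        y = gf_mul(y ^ int.from_bytes(data[i:i + 16], "big"), h)
    return y ^ int.from_bytes(block_fn(key, nonce + b"\x00\x00\x00\x01"), "big")

def gcm_encrypt(key: bytes, nonce: bytes, pt: bytes):
    ct = bytes(p ^ k for p, k in zip(pt, keystream(key, nonce, len(pt))))
    return ct, gcm_tag(key, nonce, ct)

def gcm_decrypt(key: bytes, nonce: bytes, ct: bytes, tag: int) -> bytes:
    """Verify, then decrypt; raises on a bad tag exactly as a real AEAD would."""
    if gcm_tag(key, nonce, ct) != tag:
        raise ValueError("authentication failed")
    return bytes(c ^ k for c, k in zip(ct, keystream(key, nonce, len(ct))))

def salamander(key1: bytes, key2: bytes, nonce: bytes, msg1: bytes, msg2: bytes):
    """Invisible Salamanders: a 3-block ciphertext whose tag verifies under key1 AND key2.
    Block 1 reads as msg1 under key1, block 2 as msg2 under key2 (each exactly 16 bytes);
    block 3 is solved for so that both GHASH polynomials evaluate to the same tag."""
    ks1, ks2 = keystream(key1, nonce, 32), keystream(key2, nonce, 32)
    c1 = bytes(a ^ b for a, b in zip(msg1, ks1[:16]))
    c2 = bytes(a ^ b for a, b in zip(msg2, ks2[16:32]))
    # The tag is affine in the last ciphertext block: T_k(C3) = T_k(0) ^ C3 * H_k^2.
    t1 = gcm_tag(key1, nonce, c1 + c2 + bytes(16))
    t2 = gcm_tag(key2, nonce, c1 + c2 + bytes(16))
    h1 = int.from_bytes(block_fn(key1, bytes(16)), "big")
    h2 = int.from_bytes(block_fn(key2, bytes(16)), "big")
    coeff = gf_mul(h1, h1) ^ gf_mul(h2, h2)             # H1^2 + H2^2; zero only if H1 == H2
    c3 = gf_mul(t1 ^ t2, gf_inv(coeff)).to_bytes(16, "big")
    ct = c1 + c2 + c3
    return ct, gcm_tag(key1, nonce, ct)

def commitment(key: bytes) -> bytes:
    """Key-commitment value stored beside the ciphertext (illustrative HMAC construction, not the SDK format)."""
    return hmac.new(key, b"s3ec-key-commitment", hashlib.sha256).digest()

def committed_decrypt(key: bytes, nonce: bytes, ct: bytes, tag: int, expected: bytes) -> bytes:
    """What a committing client does: reject the key before the GCM tag is ever consulted."""
    if not hmac.compare_digest(commitment(key), expected):
        raise ValueError("data key does not match the stored commitment")
    return gcm_decrypt(key, nonce, ct, tag)

def demo():
    """Owner's key vs. rogue key on one stored object; returns what each reader sees."""
    legit, rogue, nonce = os.urandom(16), os.urandom(16), os.urandom(12)
    ct, tag = salamander(legit, rogue, nonce, b"PAY $100 TO BOB.", b"PAY $1,000,000!!")
    seen_by_owner = gcm_decrypt(legit, nonce, ct, tag)      # tag verifies
    seen_with_rogue = gcm_decrypt(rogue, nonce, ct, tag)    # same tag verifies, other plaintext
    stored_commitment = commitment(legit)                   # written alongside the real EDK
    try:
        committed_decrypt(rogue, nonce, ct, tag, stored_commitment)
        rogue_rejected = False
    except ValueError:
        rogue_rejected = True
    return seen_by_owner[:16], seen_with_rogue[16:32], rogue_rejected
```

`demo()` plays the advisory's scenario end to end: the same ciphertext and tag are accepted under both keys and yield different plaintexts, so an attacker who swaps in an EDK wrapping the rogue key gets attacker-chosen content past GCM's tag check, while the commitment check rejects the rogue key before decryption starts. The sacrificial third block is the price of the attack: its plaintext is garbage under both keys, which is why format-aware readers sometimes notice and why a commitment value, not parsing luck, is the real defence.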

Added: Dec 17, 2025, 8:33 PM
Updated: Dec 17, 2025, 9:46 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 2.5
exploitability: 5.9
remediation: 7.7
relevance: 1.4
threat: 3.2
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.