Actively Exploited in the Wild

This vulnerability is being actively exploited in the wild.

Cryptidy Library Remote Code Execution Vulnerability via Unsafe Pickle Deserialization

Vulnerability

A remote code execution vulnerability has been identified in the Cryptidy library, specifically in version 1.2.4. The issue arises in the 'aes_decrypt_message' function within 'symmetric_encryption.py', where 'pickle.loads' is used to deserialize data without proper validation. This flaw allows an attacker to execute arbitrary code by crafting a malicious payload that is executed upon deserialization.

Impact

Exploitation of this vulnerability allows for remote code execution on the server where the affected Cryptidy library is used.

Reproduction

The vulnerability can be reproduced by encrypting a malicious payload using the Cryptidy library's AES encryption, then base64 encoding the encrypted data. This encoded data can be decrypted using the vulnerable 'aes_decrypt_message' function, which will execute the embedded code. The included 'ejecutar_exploit.py' script automates this process by sending the crafted payload to a local server running the vulnerable Cryptidy library.

Remediation

Users are advised to update to a version of the Cryptidy library that does not use pickle for serialization or to implement strict validation when deserializing pickle data. The best practice is to replace pickle with a safer format like JSON.
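To make the remediation concrete, here is an added example (not Cryptidy's own code) contrasting the vulnerable pattern with the two fixes the advisory names. It assumes a hypothetical stand-in for the plaintext that 'aes_decrypt_message' recovers after AES decryption; the decryption step itself is not reproduced.

```python
import datetime
import io
import json
import pickle
from typing import Any, Callable


def unsafe_loads(plaintext: bytes) -> Any:
    """The vulnerable pattern: pickle.loads on attacker-controllable bytes
    rebuilds whatever objects the stream names, including ones whose
    reconstruction runs code."""
    return pickle.loads(plaintext)


class _NoGlobalsUnpickler(pickle.Unpickler):
    """Mitigation 1 (strict validation): refuse every GLOBAL lookup, so only
    plain data (dict, list, str, int, ...) can be rebuilt from the stream."""

    def find_class(self, module: str, name: str):
        raise pickle.UnpicklingError(f"refused global {module}.{name}")


def restricted_loads(plaintext: bytes) -> Any:
    return _NoGlobalsUnpickler(io.BytesIO(plaintext)).load()


def json_loads(plaintext: bytes) -> dict:
    """Mitigation 2 (preferred): JSON carries no executable objects; also
    require a JSON object at the top level so callers always get a dict."""
    obj = json.loads(plaintext.decode("utf-8"))
    if not isinstance(obj, dict):
        raise ValueError("expected a JSON object at top level")
    return obj


def rejects(loader: Callable[[bytes], Any], plaintext: bytes) -> bool:
    """True when the loader refuses the input instead of rebuilding it."""
    try:
        loader(plaintext)
    except (pickle.UnpicklingError, ValueError, UnicodeDecodeError):
        return True
    return False


def sample_payloads() -> dict:
    """Constructed, benign inputs for the demo. 'object_pickle' is a
    datetime.date, whose unpickling needs a GLOBAL lookup (datetime.date)."""
    return {
        "plain_pickle": pickle.dumps({"user": "alice", "n": 3}),
        "object_pickle": pickle.dumps(datetime.date(2025, 10, 31)),
        "json": json.dumps({"user": "alice", "n": 3}).encode("utf-8"),
    }
```

Refusing globals blocks object reconstruction but the unpickler still parses attacker-controlled structure, so the JSON path is the cleaner fix.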

Added: Oct 31, 2025, 7:20 AM
Updated: Oct 31, 2025, 7:20 AM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 10.0
exploitability: 9.1
remediation: 0.0
relevance: 0.8
threat: 8.0
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.