Jervis Library RSA Encryption Vulnerability Allowing Bleichenbacher Padding Oracle Attacks
Vulnerability
Jervis versions prior to 2.2 use PKCS#1 v1.5 padding for RSA encryption. This padding is susceptible to Bleichenbacher padding oracle attacks, which allow an attacker with access to a decryption oracle to decrypt ciphertext without the private key. The vulnerability is particularly critical for consumers of the library who use these encryption methods directly. The issue arises because Jervis uses RSA to encrypt the AES keys for its local storage; that storage contains GitHub App authentication tokens, which expire within an hour.
Impact
Exploitation of this vulnerability could lead to unauthorized decryption of ciphertext, potentially allowing access to sensitive data such as GitHub App authentication tokens.
Reproduction
To reproduce, use a Jervis version prior to 2.2 and encrypt data with RSA using the vulnerable PKCS#1 v1.5 padding, for example by creating a CipherMap object with a private key, which uses the insecure padding by default. After encryption, the same key can be used to decrypt the data, demonstrating the vulnerability.
Remediation
Upgrade to Jervis version 2.2, which addresses the vulnerability by switching to OAEP padding, preventing Bleichenbacher padding oracle attacks.
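The padding change described above, written against the standard Java cryptography API as an added example (it is not Jervis code and not part of the advisory): an AES key is wrapped with RSA once under PKCS#1 v1.5 and once under OAEP. The class and method names, the throwaway 2048-bit key pair and the choice of SHA-256 for OAEP are assumptions made for illustration.

```java
import java.security.Key;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.spec.MGF1ParameterSpec;
import java.util.Arrays;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.OAEPParameterSpec;
import javax.crypto.spec.PSource;

public class RsaKeyWrapPadding {
    // Weak setting: PKCS#1 v1.5 encryption padding, the scheme the Bleichenbacher attack targets.
    static final String PKCS1_V15 = "RSA/ECB/PKCS1Padding";
    // Corrected setting: OAEP, with parameters supplied explicitly below.
    static final String OAEP = "RSA/ECB/OAEPPadding";
    // Pin the OAEP digest and the MGF1 digest; providers differ on the default MGF1 digest,
    // so relying on defaults can break decryption across providers.
    static final OAEPParameterSpec OAEP_SHA256 = new OAEPParameterSpec(
            "SHA-256", "MGF1", MGF1ParameterSpec.SHA256, PSource.PSpecified.DEFAULT);

    static Cipher cipher(String transformation, int mode, Key key) throws Exception {
        Cipher c = Cipher.getInstance(transformation);
        if (OAEP.equals(transformation)) c.init(mode, key, OAEP_SHA256);
        else c.init(mode, key);
        return c;
    }

    // Encrypt (wrap) the AES key under the RSA public key.
    static byte[] wrap(String transformation, KeyPair kp, SecretKey aes) throws Exception {
        return cipher(transformation, Cipher.WRAP_MODE, kp.getPublic()).wrap(aes);
    }

    // Recover the AES key with the RSA private key.
    static SecretKey unwrap(String transformation, KeyPair kp, byte[] wrapped) throws Exception {
        return (SecretKey) cipher(transformation, Cipher.UNWRAP_MODE, kp.getPrivate())
                .unwrap(wrapped, "AES", Cipher.SECRET_KEY);
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair kp = kpg.generateKeyPair();          // constructed throwaway key pair
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(256);
        SecretKey aes = kg.generateKey();            // constructed sample AES key
        for (String t : new String[] {PKCS1_V15, OAEP}) {
            byte[] wrapped = wrap(t, kp, aes);
            boolean same = Arrays.equals(aes.getEncoded(), unwrap(t, kp, wrapped).getEncoded());
            System.out.println(t + ": " + wrapped.length + " bytes, round trip " + (same ? "ok" : "FAILED"));
        }
    }
}
```

Both transformations produce ciphertext of the same length for a given RSA key, so the padding in use cannot be told from stored data; check the transformation string in the code that creates the cipher.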
