Jervis Library AES/CBC/PKCS5Padding Authentication Vulnerability Allowing Padding Oracle Attacks

Vulnerability

A vulnerability exists in versions of the Jervis library prior to 2.2, where AES encryption in CBC mode with PKCS5 padding lacks authentication. This makes it susceptible to padding oracle attacks and to manipulation of the ciphertext. The issue lies in how AES-256-CBC is used alongside RSA encryption and SHA-256 checksums: because the ciphertext itself is not authenticated, the scheme could be exploited if it is not properly managed.

Impact

The vulnerability is critical for any consumers of the Jervis library who use the affected AES encryption methods directly. However, within Jervis itself, the impact is low due to the library's design, which includes RSA encryption of AES keys and SHA-256 checksums for data integrity. The vulnerability could potentially be exploited to manipulate encrypted data or bypass padding validation, leading to unauthorized decryption or modification of information.

Reproduction

The vulnerability can be reproduced by using a Jervis version prior to 2.2 and encrypting data with the AES/CBC/PKCS5Padding scheme. This can be done by creating a CipherMap object with a private key and using it to encrypt data, which is then processed with the vulnerable AES configuration. Because the resulting ciphertext is not authenticated, it can afterwards be manipulated, or decrypted by way of the padding oracle attack vector.

Remediation

Upgrade to Jervis version 2.2, which addresses the vulnerability by switching the encryption method to AES/GCM/NoPadding, a mode that provides both confidentiality and integrity, preventing padding oracle attacks and allowing detection of any tampering.
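The difference between the two modes can be seen with the standard Java JCA API. The following is an added example, not code from Jervis or from the advisory; the class name, sample message, 12-byte nonce and 128-bit tag length are assumptions chosen for illustration. It alters one bit of the input to each mode and shows that CBC decrypts without error while GCM rejects the input.

```java
import javax.crypto.AEADBadTagException;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.IvParameterSpec;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.security.spec.AlgorithmParameterSpec;

// Added illustration using plain JCA calls; this is not Jervis code.
public class CbcVsGcmTamperDemo {
    // Encrypts or decrypts with the given JCA transformation string.
    static byte[] run(int mode, String transformation, SecretKey key,
                      AlgorithmParameterSpec spec, byte[] input) throws Exception {
        Cipher c = Cipher.getInstance(transformation);
        c.init(mode, key, spec);
        return c.doFinal(input);
    }

    public static void main(String[] args) throws Exception {
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(256);
        SecretKey key = kg.generateKey();
        SecureRandom rng = new SecureRandom();
        byte[] msg = "role=user;id=42".getBytes(StandardCharsets.UTF_8); // constructed sample

        // Transformation named for versions prior to 2.2: unauthenticated CBC.
        // One altered IV bit changes the first plaintext block; decryption still succeeds.
        byte[] iv = new byte[16];
        rng.nextBytes(iv);
        byte[] cbc = run(Cipher.ENCRYPT_MODE, "AES/CBC/PKCS5Padding", key, new IvParameterSpec(iv), msg);
        iv[0] ^= 0x01;
        byte[] altered = run(Cipher.DECRYPT_MODE, "AES/CBC/PKCS5Padding", key, new IvParameterSpec(iv), cbc);
        System.out.println("CBC accepted tampered input: " + new String(altered, StandardCharsets.UTF_8));

        // Transformation named for 2.2: GCM checks its tag before releasing any plaintext.
        byte[] nonce = new byte[12]; // assumed nonce size
        rng.nextBytes(nonce);
        byte[] gcm = run(Cipher.ENCRYPT_MODE, "AES/GCM/NoPadding", key, new GCMParameterSpec(128, nonce), msg);
        gcm[0] ^= 0x01;
        try {
            run(Cipher.DECRYPT_MODE, "AES/GCM/NoPadding", key, new GCMParameterSpec(128, nonce), gcm);
            System.out.println("GCM accepted tampered input (unexpected)");
        } catch (AEADBadTagException e) {
            System.out.println("GCM rejected tampered input: " + e.getClass().getSimpleName());
        }
    }
}
```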

Added: Jan 13, 2026, 8:44 PM
Updated: Jan 13, 2026, 8:44 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 2.5
exploitability: 8.4
remediation: 7.7
relevance: 2.0
threat: 4.8
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.