Oberon ocrypto Library Padding Oracle Attack Vulnerability in AES-CBC Decryption
Vulnerability
A padding oracle vulnerability has been identified in Oberon microsystems AG's ocrypto library, affecting all versions from 3.1.0 up to, but not including, 3.9.2. It allows an attacker to recover plaintext by exploiting timing differences in AES-CBC decryption with PKCS#7 padding. The root cause is that the library's padding removal is not constant-time: the time taken to reject a block depends on how much of its trailing padding was valid, so an attacker who submits many crafted ciphertexts and measures the response times can infer information about the decrypted message.
Impact
Exploitation of this vulnerability allows for full recovery of plaintext from encrypted messages.
Remediation
Users of the ocrypto library should upgrade to version 3.9.2 or later, where the timing side channel has been addressed. Upgrading alone is not a complete mitigation, however: the application must additionally validate the integrity of the decrypted message in a constant-time manner, in a way specific to its own protocol.
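To make the root cause concrete, the following added example (written for this page, not code from ocrypto) shows the variable-time PKCS#7 unpadding pattern the advisory describes beside a constant-time version that inspects every byte of the final block and derives the result from a mask rather than a branch. The sample blocks are constructed; the block size, helper names and return convention are assumptions for illustration. Note that this only removes the timing leak from the unpad step itself; the application-level integrity check from the remediation section is still required.

```c
#include <stdint.h>
#include <stddef.h>

#define BLOCK 16   /* AES block size; the last block carries the PKCS#7 padding */

/* Variable-time padding removal, the pattern behind the advisory: it returns at
 * the first mismatch, so the loop count (and therefore the time) depends on how
 * many trailing bytes looked like valid padding. Returns plaintext length or -1. */
int pkcs7_unpad_leaky(const uint8_t *last_block)
{
    unsigned pad = last_block[BLOCK - 1];
    if (pad == 0 || pad > BLOCK)
        return -1;
    for (unsigned i = BLOCK - pad; i < BLOCK; i++)
        if (last_block[i] != pad)
            return -1;                       /* early exit leaks the position */
    return (int)(BLOCK - pad);
}

/* All-ones mask if a >= b, else 0; a and b must be below 2^31. */
static uint32_t ct_ge(uint32_t a, uint32_t b)
{
    return ((a - b) >> 31) - 1;
}

/* All-ones mask if a == b, else 0. */
static uint32_t ct_eq(uint32_t a, uint32_t b)
{
    return ct_ge(a, b) & ct_ge(b, a);
}

/* Constant-time padding removal: touches all BLOCK bytes whatever the padding
 * value, with no data-dependent branch or early exit. Returns the plaintext
 * length or -1, computed arithmetically from the validity mask. */
int pkcs7_unpad_ct(const uint8_t *last_block)
{
    uint32_t pad = last_block[BLOCK - 1];
    uint32_t ok = ct_ge(pad, 1) & ct_ge(BLOCK, pad);   /* 1 <= pad <= BLOCK */
    for (uint32_t i = 0; i < BLOCK; i++) {
        uint32_t in_pad  = ct_ge(i + pad, BLOCK);      /* i >= BLOCK - pad */
        uint32_t matches = ct_eq(last_block[i], pad);
        ok &= matches | ~in_pad;        /* every padding byte must equal pad */
    }
    uint32_t len = (BLOCK - pad) & ok;                 /* 0 when invalid */
    return (int)len - (int)(~ok & 1);                  /* -1 when invalid */
}

/* Constructed sample blocks (not from the advisory): 12 plaintext bytes plus
 * four 0x04 padding bytes, and the same block with one padding byte corrupted. */
const uint8_t SAMPLE_GOOD[BLOCK] = {'a','b','c','d','e','f','g','h','i','j','k','l', 4, 4, 4, 4};
const uint8_t SAMPLE_BAD[BLOCK]  = {'a','b','c','d','e','f','g','h','i','j','k','l', 4, 9, 4, 4};
```

Both functions agree on the result for every input; the difference is that `pkcs7_unpad_ct` takes the same number of operations for a valid block, a block with a wrong padding byte, and a block whose padding length is out of range.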
