Amazon AWS Encryption SDK for Python Cryptographic Algorithm Downgrade Vulnerability Allowing Key Commitment Policy Bypass

Vulnerability

A cryptographic algorithm downgrade vulnerability has been identified in the caching layer of Amazon AWS Encryption SDK (ESDK) for Python, affecting versions 2.0 through 2.5.1, 3.0 through 3.3.0, and 4.0 through 4.0.4. It might allow an authenticated local threat actor to bypass key commitment policy enforcement via a shared key cache. The issue arises when two ESDK for Python clients with different commitment policies share a single caching instance and the client with the weaker policy encrypts first, warming the cache. Encryption materials that do not enforce key commitment are then cached and subsequently reused by the other client. As a result, the same ciphertext can be decrypted to different plaintexts under different keys, which breaks message integrity.

Impact

Exploitation of this vulnerability could bypass key commitment policy enforcement, allowing the plaintext obtained by decrypting a ciphertext to be manipulated and thus breaking the integrity of the messages.

Remediation

Users should upgrade to AWS Encryption SDK for Python versions 3.3.1 or 4.0.5 and ensure any forked or derivative code is patched to incorporate the new fixes. If multiple instances of the Python ESDK are operated with differently configured key commitment policies, do not share a key cache.
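
The cache-warming order described above and the "do not share a key cache" guidance, as a simplified model added here for illustration; it is not the SDK's code and does not call the SDK. `ToyCache`, `ToyClient`, `shared_cache_conflicts` and `demo` are hypothetical names, the cache key is assumed to be a context label only, and the policy names mirror two of the SDK's commitment policy settings.

```python
from dataclasses import dataclass, field
from enum import Enum


class Policy(Enum):
    FORBID_ENCRYPT_ALLOW_DECRYPT = "forbid"      # weaker: encrypts without commitment
    REQUIRE_ENCRYPT_REQUIRE_DECRYPT = "require"  # strict: commitment enforced


@dataclass
class ToyCache:
    """Stand-in for a materials cache, keyed by a context label only (assumption)."""
    entries: dict = field(default_factory=dict)


@dataclass
class ToyClient:
    name: str
    policy: Policy
    cache: ToyCache

    def encryption_materials(self, context: str) -> dict:
        """Return cached materials on a hit; otherwise build them per this client's policy."""
        if context not in self.cache.entries:
            committing = self.policy is Policy.REQUIRE_ENCRYPT_REQUIRE_DECRYPT
            self.cache.entries[context] = {"committing": committing, "made_by": self.name}
        return self.cache.entries[context]


def shared_cache_conflicts(clients):
    """Return the policy sets of every cache object used by clients with differing policies."""
    by_cache = {}
    for client in clients:
        by_cache.setdefault(id(client.cache), set()).add(client.policy)
    return [sorted(p.name for p in pols) for pols in by_cache.values() if len(pols) > 1]


def demo(shared: bool) -> bool:
    """Weak client encrypts first; report whether the strict client gets committing materials."""
    cache_a = ToyCache()
    cache_b = cache_a if shared else ToyCache()
    weak = ToyClient("legacy", Policy.FORBID_ENCRYPT_ALLOW_DECRYPT, cache_a)
    strict = ToyClient("strict", Policy.REQUIRE_ENCRYPT_REQUIRE_DECRYPT, cache_b)
    weak.encryption_materials("tenant=42")  # constructed context label; warms the cache
    return strict.encryption_materials("tenant=42")["committing"]
```

A check like `shared_cache_conflicts` can run at application start-up over the clients a process constructs, failing fast when one cache instance is wired to clients with different commitment policies.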

Added: Apr 20, 2026, 8:27 PM
Updated: Apr 20, 2026, 8:27 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 2.5
exploitability: 3.3
remediation: 8.3
relevance: 6.3
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.