Shiro / SHIRO-721

RememberMe Padding Oracle Vulnerability


    Details

    • Flags:
      Important

      Description

      The rememberMe cookie is encrypted with AES-128-CBC, which can be vulnerable to padding oracle attacks. Attackers can use a valid rememberMe cookie as the prefix for the Padding Oracle Attack, then make a crafted rememberMe to perform a Java deserialization attack like SHIRO-550.

      Steps to reproduce this issue:

      1. Log in to the website and get the rememberMe from the cookie.
      2. Use the rememberMe cookie as the prefix for Padding Oracle Attack.
      3. Encrypt a ysoserial serialization payload to make a crafted rememberMe via Padding Oracle Attack.
      4. Request the website with the new rememberMe cookie, to perform the deserialization attack.

      The attacker doesn't need to know the cipher key of the rememberMe encryption.
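A detection-side sketch for the behaviour described above, added here as an example and not part of the original report or of Shiro: a padding oracle attack needs many requests, so it flags clients that send many distinct rememberMe values sharing the same leading blocks. The log line format, the threshold, the two-block prefix length and the sample data are all assumptions constructed for illustration.

```python
import base64
import hashlib
from collections import Counter, defaultdict

BLOCK = 16       # AES block size in bytes
THRESHOLD = 50   # assumed alert level: distinct cookies per client

def parse(line):
    """Parse 'timestamp client rememberMe=<base64>' into (client, bytes)."""
    parts = line.split()
    if len(parts) != 3 or not parts[2].startswith("rememberMe="):
        return None
    try:
        raw = base64.b64decode(parts[2][len("rememberMe="):], validate=True)
    except ValueError:  # malformed base64: not a usable cookie value
        return None
    return parts[1], raw

def suspicious_clients(lines, threshold=THRESHOLD):
    """Map client -> number of distinct cookies sharing one leading prefix."""
    cookies = defaultdict(set)
    for line in lines:
        rec = parse(line)
        if rec:
            cookies[rec[0]].add(rec[1])
    flagged = {}
    for client, values in cookies.items():
        # A browser replays one cookie; bulk probing sends many distinct
        # values that keep the leading blocks of a valid cookie.
        prefixes = Counter(v[:2 * BLOCK] for v in values if len(v) > 2 * BLOCK)
        if prefixes:
            count = prefixes.most_common(1)[0][1]
            if count >= threshold:
                flagged[client] = count
    return flagged

def sample_lines():
    """Constructed log lines: two ordinary clients and one bulk sender."""
    def line(client, raw):
        return f"2024-01-01T00:00:00Z {client} rememberMe={base64.b64encode(raw).decode()}"
    valid = hashlib.sha256(b"constructed").digest() * 2      # 64 opaque bytes
    out = [line("10.0.0.7", valid)] * 200                    # same cookie replayed
    out.append(line("10.0.0.8", valid[::-1]))                # a second user
    for i in range(300):                                     # distinct tails
        tail = hashlib.sha256(str(i).encode()).digest()
        out.append(line("10.0.0.66", valid[:2 * BLOCK] + tail))
    return out

if __name__ == "__main__":
    print(suspicious_clients(sample_lines()))
```

Replaying one cookie many times does not trip the rule; only the count of distinct values per client does, so the threshold should be tuned against how often real users are issued new cookies.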

            People

            • Assignee:
              Unassigned
              Reporter:
              loop09 loopx9

                Time Tracking

                Estimated: 504h
                Remaining: 504h
                Logged: Not Specified