03:11 PM

New Crypto-Cracking Tool To Target Databases

'Poet' takes advantage of commonly weak encryption-key deployment

Researchers last week introduced a new penetration-testing tool that makes it possible to capture poorly encrypted Web session data -- such as cookies and HTML parameters. Now they say they're looking into how similar attacks against Web applications can be used to advance attacks against Web-facing databases with sloppy encryption-key deployment.

Demonstrated this spring at Black Hat Europe and officially released last week, the Padding Oracle Exploit Tool (Poet) automates a side-channel attack called a Padding Oracle Attack, which was introduced to the cryptographic community in 2002. The attack leverages commonly used cryptographic padding oracles, which receive cipher text, decrypt it, and reply to the sender whether the padding is valid or invalid. It can be carried out if attackers can intercept padded messages encrypted in CBC mode, and it effectively gives them access to encrypted information without a key.

"What happens in Web apps is that it is very common for the programmer to send something encrypted to the client/Web browser [and] not to share it with the client, just to store it for some time like cookies, [which] is a perfect scenario to implement what is called 'chosen cipher text attacks,' where the cipher text is modified and [sent] again to the Web application," says Juliano Rizzo, who together with Thai Duong developed Poet. "Poet should help to show that [it] is not easy to implement cryptography correctly, [and] attacks that could look theoretical are very practical and dangerous."

Rizzo and Duong have shown that Poet can crack CAPTCHAs and decrypt view states in JavaServer Faces Web development frameworks.

"The tool can be used by developers and penetration testers to audit Web applications -- 'black-box' testing in the same way SQL injection and XSS are detected today," Rizzo says.

Adam Muntner, a security consultant and researcher for Gotham Digital Science, says the attacks made possible by Poet are déjà vu all over again for the Web application security community.

"Meet the new 'sploit, same as the old 'sploit, to paraphrase The Who," Muntner says. "It's fascinating to see the same attack patterns rear their head, time and time again. The problem isn't so much any particular exploit, not to minimize the impact of this one. It's in software design, development, and testing practices."

From what he has seen so far of Poet, the attack tool takes advantage of two protocol implementation flaws within many Web applications.

"One is a cryptographic implementation flaw. The best crypto algorithm in the world is less useful than a TSA-approved lock if it's implemented poorly. Two, in Web application security, the client, typically an HTML browser, is not to be trusted," Muntner says. "If only one of the two flaws that this attack is dependent on had been caught, the attack would not be possible. In the security world, we refer to this principle as defense-in-depth."

Rizzo believes that Web application developers can best address their exposure to Padding Oracle Attacks by adopting higher-level encryption solutions, such as Keyczar, which adds integrity protection and authentication on top of the basic cryptography solutions used by developers today.

"One problem is that they implement their own cryptography, using low-level cryptography algorithms, and that is hard to implement correctly. They should use more high-level solutions," Rizzo says.

Rizzo and Duong hope Poet will be added to developer and penetration-testing toolkits to check up on application security.

"The tool can be used by developers and penetration testers to audit Web applications -- 'black-box' testing in the same way SQL injection and XSS are detected today," he says.

While Poet primarily highlights threats at the Web application layer, Rizzo also warns database security experts who use similar encryption keys across front-end systems and back-end databases.

"The Poet attack is interactive and databases are not exposed, or shouldn't be, as Web applications are," Rizzo says. "But what can happen is that if, for example, the same key is used to store secret information in a database and also used in some front-end [system] in the Web application connected to the database, the attacker gets access to the encrypted database data without the key. It would be possible to use a vulnerable Web application as an oracle to decrypt the data from the database."

In fact, Rizzo says that he and Duong are currently directing research on such exploits now that Poet is released.

"Now we are studying a framework where that could happen: The same keys are reused to store data in the database and to encrypt data sent to the Web client," he says. "You could get a decryption oracle in a Web app, and even if the Web app is not sending interesting data to you, if the same secret key is used somewhere else, you can use the vulnerability in the Web app to decrypt data that you get from somewhere else in the system."
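
The two defenses the article points to, shown as an added Python example that is not code from Poet, Keyczar or the article: checking integrity before any decryption happens (the property Rizzo attributes to high-level libraries), and giving the database and the Web front end different keys. The function names, purpose labels and sample data are assumptions, and the HMAC-based stream cipher is a stand-in so the block runs on the standard library alone.

```python
import hashlib
import hmac
import os

def derive_key(master: bytes, label: str) -> bytes:
    # One HKDF-Expand block: a distinct subkey for every purpose label.
    return hmac.new(master, label.encode() + b"\x01", hashlib.sha256).digest()

def _xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    # Stand-in cipher (HMAC-SHA256 in counter mode), used only so this runs
    # without third-party packages; production code would call a vetted library.
    stream = b""
    for counter in range((len(data) + 31) // 32):
        block_input = nonce + counter.to_bytes(4, "big")
        stream += hmac.new(key, block_input, hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(data, stream))

def seal(master: bytes, purpose: str, plaintext: bytes) -> bytes:
    # Encrypt-then-MAC, with separate subkeys for encryption and for the tag.
    nonce = os.urandom(16)
    ct = _xor_stream(derive_key(master, purpose + ":enc"), nonce, plaintext)
    mac_key = derive_key(master, purpose + ":mac")
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def open_sealed(master: bytes, purpose: str, token: bytes):
    """Return the plaintext, or None for every kind of invalid token."""
    if len(token) < 48:  # 16-byte nonce + 32-byte tag at minimum
        return None
    nonce, ct, tag = token[:16], token[16:-32], token[-32:]
    mac_key = derive_key(master, purpose + ":mac")
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None  # rejected before decryption: no padding verdict to leak
    return _xor_stream(derive_key(master, purpose + ":enc"), nonce, ct)

# Constructed sample data: one master secret, two purposes.
MASTER = bytes(range(32))
cookie = seal(MASTER, "web-cookie", b"uid=42;role=user")
db_cell = seal(MASTER, "db-column", b"constructed database secret")

# A modified cookie and a database value replayed at the cookie endpoint
# both fail the same way, so the Web application cannot act as an oracle.
tampered = cookie[:20] + bytes([cookie[20] ^ 1]) + cookie[21:]
print(open_sealed(MASTER, "web-cookie", tampered))
print(open_sealed(MASTER, "web-cookie", db_cell))
```
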
