The logic for padding removal from JWE encryption is incorrect. The current code merely strips unprintable characters regardless of whether they belong to the padding or not:
client-encryption-python/client_encryption/jwe_encryption.py, line 99 in 5f8ecef
For AES GCM this isn't an issue because the padding removal is handled automatically.
For modes that do care about padding (e.g. AES CBC) this is blindly removing characters under the assumption that A) they belong to the padding and B) that the padding is valid. This allows an attacker to spoof data much more easily because the padding is never validated and invalid JSON characters are being silently removed.
The pycryptodome library that this package uses contains padding utilities. I strongly recommend you use them.
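The difference the issue describes, as an added example (not code from the project or from the issue author). `lenient_strip` is a hypothetical stand-in for the reported behaviour, PKCS#7 padding (the default style of pycryptodome's `unpad`) is assumed, and the three plaintext buffers are constructed.

```python
import json

try:
    # pycryptodome's padding utility, as the issue recommends
    from Crypto.Util.Padding import unpad
except ImportError:
    # Same contract (PKCS#7, ValueError on bad padding) so the example
    # still runs where pycryptodome is not installed.
    def unpad(padded_data, block_size, style="pkcs7"):
        n = padded_data[-1] if padded_data else 0
        if (not padded_data or len(padded_data) % block_size
                or not 1 <= n <= block_size
                or padded_data[-n:] != bytes([n]) * n):
            raise ValueError("Padding is incorrect.")
        return padded_data[:-n]

AES_BLOCK = 16  # AES block size in bytes


def lenient_strip(decrypted: bytes) -> bytes:
    """Hypothetical stand-in for the reported behaviour:
    drop every unprintable byte, wherever it sits."""
    return bytes(b for b in decrypted if 0x20 <= b < 0x7F)


def strict_unpad(decrypted: bytes) -> bytes:
    """Validate and remove PKCS#7 padding; ValueError if malformed."""
    return unpad(decrypted, AES_BLOCK)


def classify(decrypted: bytes) -> tuple:
    """Return (lenient, strict) results: parsed JSON or 'rejected'."""
    out = []
    for fn in (lenient_strip, strict_unpad):
        try:
            out.append(json.loads(fn(decrypted)))
        except ValueError:  # bad padding or invalid JSON
            out.append("rejected")
    return tuple(out)


# Constructed CBC plaintexts, as they would look before padding removal.
VALID = b'{"amount": 10}' + b"\x02\x02"    # correct padding
BAD_PAD = b'{"amount": 10}' + b"\x07\x02"  # padding bytes disagree
DIRTY = b'{"amount":\x01 10}' + b"\x01"    # control byte inside the JSON

if __name__ == "__main__":
    for name, buf in (("valid", VALID), ("bad pad", BAD_PAD), ("dirty", DIRTY)):
        print(name, classify(buf))
```

The lenient path parses all three buffers to the same object, while the strict path accepts only the correctly padded one.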