Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

How was the oracle padding attack on ASP.NET Fixed?

Tags:

security

asp.net

Microsoft released their out of band release to fix the security flaw in ASP.NET the yesterday.

What methods did Microsoft use to end the viability of this vector?

like image 562
Chris Marisic Avatar asked Sep 29 '10 17:09

Chris Marisic

2 Answers

A great summary of the changes comes from http://musingmarc.blogspot.com/2010/09/ms10-070-post-mortem-analysis-of-patch.html

  • Don't leak exception information - This prevents exploits from seeing what is broken.
  • Don't short-circuit on padding checks (take the same amount of time for padding correct verses padding broken) - This prevents exploits from seeing timing difference for incorrect padding.
  • Don't be too picky about exception catching in IHttpHandler.ProcessRequest - This prevents exploits from seeing that you caught one kind of exception (CryptographicException) instead of all exceptions.
  • Switch from Hash-based initialization vectors to Random IVs - This prevents exploits from using the relationship between the data and the hash to decrypt faster.
  • Allow for backward compatibility - In case this breaks something, allow the new behavior to be reverted in-part.
  • When doing a code review pass, change to make it clear you've considered the new options.
like image 91
Aaron D Avatar answered Nov 14 '22 10:11

Aaron D

The main: sign any encrypted data that is sent to the browser. This prevents messing with the values like the attack did to gain information on valid vs. invalid padding i.e. since the signature won't match in all those cases.

Its important to note, the hole in webresource and scriptresource that allowed files retrieval shouldn't have happened. Simple encryption alone isn't meant to tamper proof. In other words, it wasn't an oversight of an advanced scenario like the rest of the padding oracle attack (which still relied on the same fact, sending back modified encrypted data to the app with no tamper proof protection on the server).

Besides the main fix above, expected things like trying to hide further encryption side channels and making sure it doesn't break other features that rely in the same encryption calls (like asp.net membership).

like image 3
eglasius Avatar answered Nov 14 '22 08:11

eglasius
Sign in to Comment

Related questions

How to get value of a cell in row data bound event? and how to check if a cell is empty?
When is a Generic HttpHandler (an ashx, the IHttpHandler interface) reusable?
How to return JSON from webservice
Difference between Quality and Compression with system.drawing.imaging?
Hosting WCF Services in Asp.Net MVC Project
Upgrading a web service from asmx to webAPI
How to search in 2D array by LINQ ?[version2]
Azure Web Sites connection string for EF not being picked up
How can I use EF6 to update a many to many table
Sorting inside the database or Sorting in code behind? Which is best?
Configure IIS server to work with Aurelia framework and push state
NuGet Package for Tuples in C#7 causes an error in my views
In an ASP.NET Core Web App, what's the difference between AddJsonOptions and AddJsonFormatters?
What is an appropriate use for ASP.NET's MultiView control?
How do I combine WebResource.axd and ScriptResource.axd files so as to result in less requests to my ASP.NET server?
Things I cannot do in ASP.NET MVC
asp.net: difference between runat="server" and server controls
Passing FormsAuthentication cookie to a WCF service
Confusion over maxJsonLength default value
How to submit ASP.NET with JavaScript after custom validation

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!