CGI Generic Padding Oracle

medium Nessus Plugin ID 50413

Synopsis

A web application hosted on the remote server is potentially prone to a padding oracle attack.

Description

By manipulating the padding on an encrypted string, Nessus was able to generate an error message that indicates a likely 'padding oracle' vulnerability. Such a vulnerability can affect any application or framework that uses encryption improperly, such as some versions of ASP.net, Java Server Faces, and Mono.

An attacker may exploit this issue to decrypt data and recover encryption keys, potentially viewing and modifying confidential data.

Note that this plugin should detect the MS10-070 padding oracle vulnerability in ASP.net when CustomErrors are enabled.

Solution

Update the affected server software, or modify the CGI scripts so that they properly validate encrypted data before attempting decryption.
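
One way to validate encrypted data before attempting decryption, given here as an added example that is not part of the Nessus plugin or of any vendor patch: an encrypt-then-MAC token whose HMAC is checked first, with every failure returning the same result. The function names, the token layout (IV || ciphertext || HMAC-SHA256) and the use of separate encryption and MAC keys are assumptions of this example.

```javascript
// Added example (Node.js): authenticate the ciphertext before decrypting it.
const { createCipheriv, createDecipheriv, createHmac,
        randomBytes, timingSafeEqual } = require("crypto");

const IV_LEN = 16;   // AES block size
const MAC_LEN = 32;  // HMAC-SHA256 tag length

// Token layout (assumed for this example): IV || ciphertext || HMAC(IV || ciphertext)
function seal(plaintext, encKey, macKey) {
  const iv = randomBytes(IV_LEN);
  const c = createCipheriv("aes-256-cbc", encKey, iv);
  const body = Buffer.concat([iv, c.update(plaintext, "utf8"), c.final()]);
  const tag = createHmac("sha256", macKey).update(body).digest();
  return Buffer.concat([body, tag]).toString("base64");
}

// Returns the plaintext, or null for every kind of failure, so the caller
// can answer with one generic error regardless of what went wrong.
function open(token, encKey, macKey) {
  const raw = Buffer.from(String(token), "base64");
  // Need at least an IV, one ciphertext block and a tag.
  if (raw.length < IV_LEN + 16 + MAC_LEN) return null;
  const body = raw.subarray(0, raw.length - MAC_LEN);
  const tag = raw.subarray(raw.length - MAC_LEN);
  const expected = createHmac("sha256", macKey).update(body).digest();
  // Constant-time compare. A modified token is rejected here, so the
  // padding check below never runs on attacker-chosen ciphertext.
  if (!timingSafeEqual(tag, expected)) return null;
  try {
    const d = createDecipheriv("aes-256-cbc", encKey, body.subarray(0, IV_LEN));
    const pt = Buffer.concat([d.update(body.subarray(IV_LEN)), d.final()]);
    return pt.toString("utf8");
  } catch {
    return null; // indistinguishable from a MAC failure
  }
}
```

The caller should map a null result to a single response (same status code and body) so that the error message itself does not reveal whether padding or authentication failed.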

See Also

http://netifera.com/research/

https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2010/ms10-070

https://www.mono-project.com/Vulnerabilities/#ASP.NET_Padding_Oracle

https://bugzilla.redhat.com/show_bug.cgi?id=623799

Plugin Details

Severity: Medium

ID: 50413

File Name: padding_oracle.nasl

Version: 1.18

Type: remote

Family: CGI abuses

Published: 10/29/2010

Updated: 4/11/2022

Configuration: Enable thorough checks

Risk Information

VPR

Risk Factor: Medium

Score: 5.2

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 3.9

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Temporal Vector: E:POC/RL:OF/RC:C

Vulnerability Information

Excluded KB Items: Settings/disable_cgi_scanning

Exploit Ease: No exploit is required

Patch Publication Date: 9/28/2010

Vulnerability Publication Date: 9/17/2010

Reference Information

CVE: CVE-2010-3332

BID: 43316, 44285