Vulnerability profile
Remember that the attacker does not need to know the encryption key of the rememberMe cookie. Block-wise plaintext processing and padding are the root of the Padding Oracle Attack, but exploiting them depends on how the application handles exceptions: when the submitted ciphertext decrypts to invalid padding, an insecure application fails and directly returns a padding error. The Padding Oracle Attack is an early exploit and was named the "most valuable server vulnerability" by the Pwnie Awards in 2011. The vulnerability stems mainly from improper design and usage, which lets the cipher be broken through a side-channel attack rather than by breaking the algorithm itself. It can be used both to decrypt ciphertext into plaintext and to encrypt chosen plaintext into ciphertext. The conditions for this vulnerability are as follows:
1. The attacker can obtain the ciphertext (produced by a block cipher mode) and the IV (initialization vector, usually attached to the ciphertext);
2. The attacker can modify the ciphertext to trigger the decryption process.
Scope
Affected versions: Apache Shiro 1.2.5, 1.2.6, 1.3.0, 1.3.1, 1.3.2, 1.4.0-RC2, 1.4.0, 1.4.1
Not affected versions: Apache Shiro-root-1.4.2-release-vote1 and above
Exploiting the vulnerability
Build a vulnerable environment
Download padding_oracle.iso, which can be installed in a VM (Linux 32), and visit the address to complete registration: www.hackingarticles.in/hack-paddin…
First we register an account sakura/sakura and record the auth value.
Decrypting the auth cookie
Use PadBuster for cracking: github.com/AonCyberLab…
Decrypting ciphertext:
Forge ciphertext and log in to other accounts:
> # ./padBuster.pl http://192.168.1.188/index.php 71lYZdByH4QNKf+ZfBkGVIbXbejXLFE+ 8 --cookies auth=71lYZdByH4QNKf+ZfBkGVIbXbejXLFE+ -plaintext user=admin
Press F12 and replace the auth value in the browser to log in directly as another user.
Repair advice
1. Developers can customize the encryption logic to avoid using cipher block chaining (CBC) mode. The following CipherSuite is vulnerable to Padding Oracle attacks, so developers should avoid using it. (Shiro's upcoming version 1.4.2 will replace the encryption mode with GCM.)
2. If you do not have a business requirement to use RememberMe, comment out the relevant code on the front-end page and remove the relevant configuration from the configuration file. Shiro has no RememberMe configured by default.
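The GCM advice in item 1, as an added example (not Shiro's own code and not from the original article): a cookie sealed with AES-GCM is authenticated before any plaintext is released, and every failure returns the same empty result, so a modified cookie produces no padding error to observe. The class name, helper names and sample value are assumptions made for illustration.

```java
import javax.crypto.*;
import javax.crypto.spec.GCMParameterSpec;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.SecureRandom;
import java.util.*;

// Hypothetical demo class (not Shiro code); the sample value below is constructed.
public class CookieSealDemo {
    private static final int IV_LEN = 12, TAG_BITS = 128;
    private static final SecureRandom RNG = new SecureRandom();
    // Seal a cookie value as base64(IV || ciphertext || tag) with a fresh random IV.
    static String seal(SecretKey key, String value) throws GeneralSecurityException {
        byte[] iv = new byte[IV_LEN];
        RNG.nextBytes(iv);
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, key, new GCMParameterSpec(TAG_BITS, iv));
        byte[] ct = c.doFinal(value.getBytes(StandardCharsets.UTF_8));
        byte[] out = Arrays.copyOf(iv, iv.length + ct.length);
        System.arraycopy(ct, 0, out, iv.length, ct.length);
        return Base64.getEncoder().encodeToString(out);
    }

    // Open a cookie: bad base64, short input and a failed tag check all return empty.
    static Optional<String> open(SecretKey key, String cookie) {
        try {
            byte[] in = Base64.getDecoder().decode(cookie);
            if (in.length < IV_LEN + TAG_BITS / 8) return Optional.empty();
            Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
            c.init(Cipher.DECRYPT_MODE, key, new GCMParameterSpec(TAG_BITS, in, 0, IV_LEN));
            byte[] pt = c.doFinal(in, IV_LEN, in.length - IV_LEN);
            return Optional.of(new String(pt, StandardCharsets.UTF_8));
        } catch (GeneralSecurityException | IllegalArgumentException e) {
            return Optional.empty();   // one uniform failure, no reason disclosed
        }
    }

    public static void main(String[] args) throws Exception {
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(128);
        SecretKey key = kg.generateKey();
        String cookie = seal(key, "user=sakura");        // constructed sample value
        byte[] raw = Base64.getDecoder().decode(cookie);
        raw[raw.length - 1] ^= 0x01;                     // simulate a modified cookie
        String tampered = Base64.getEncoder().encodeToString(raw);
        System.out.println("intact:   " + open(key, cookie));
        System.out.println("tampered: " + open(key, tampered));
    }
}
```

The caller should answer an empty result with the same response it gives when no cookie is present, so the two cases cannot be told apart from outside.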