A new hacking tool targets flawed AES encryption implementations in Microsoft ASP.NET Web applications, enabling an attacker to view encrypted session cookies that could reveal sensitive online banking information and other personal data.
It opens the door to people who are not very knowledgeable about cryptography.
chief technology officer and founderart of defence
Researchers Juliano Rizzo and Thai Duong created the Padding Oracle Exploit Tool (POET), which automatically finds and exploits cookie encryption padding vulnerabilities in ASP.NET Web applications. The researchers are expected to demonstrate the tool tomorrow at the ekoparty Security Conference in Argentina.
"You can decrypt cookies, view states, form authentication tickets, membership password, user data, and anything else encrypted using the framework's API," Rizzo wrote. "The vulnerabilities exploited affect the framework used by 25% of the Internet's websites. The impact of the attack depends on the applications installed on the server, from information disclosure to total system compromise."
An attacker can use the tool in a way to decrypt cookies and gain access to sensitive banking data and personal information without knowing the encryption key. The researchers also wrote an extensive paper on the subject, explaining the padding attack technique. A large number of systems are vulnerable to the attack, they wrote.
"We hope that publishing this vulnerability and other future results from our research would encourage the security community into taking a more serious look at crypto bugs in software systems that are as pervasive as SQL injection or XSS was in early 2000," the researchers wrote. "Rolling your own crypto is extremely risky and should be avoided."
While attacks against faulty encryption implementations have been known since 2002, the POET tool automates the process of finding unprotected website cookies, heightening the seriousness of the problem, said Alexander Meisel, a member of OWASP Germany and chief technology officer and founder of Germany-based Web application firewall vendor, art of defence.
"It opens the door to people who are not very knowledgeable about cryptography," Meisel said. "I wouldn't store any information in the cookie that I didn't want anyone to see."
Website cookies are used to save session information when a person visits a website. Popular implementations include saving shopping cart information at ecommerce websites and session data at financial websites. Meisel said the attack works by tricking the Web server behind the applications into giving up sensitive information in an error message. The error data returned by the Web server can be used to break the encryption.
Many banking sites protect against faulty implementations by using random session data to protect individual users. Similar faulty encryption implementations that can be exploited via the padding attack technique can be found in other popular Web frameworks, including Ruby on Rails, and the OWASP Enterprise Security API Toolkits. Both Rizzo and Duong said the frameworks can be repaired to ensure developers avoid implementing faulty encryption.