Difference between revisions of "Not using a random initialization vector with cipher block chaining mode"

From OWASP
m (Not using a random IV with CBC mode moved to Not using a random initialization vector with cipher block chaining mode)
(Related Controls)
 
(8 intermediate revisions by 4 users not shown)
Line 1: Line 1:
 +
{{Template:Vulnerability}}
 +
{{Template:SecureSoftware}}
  
 +
Last revision (mm/dd/yy): '''{{REVISIONMONTH}}/{{REVISIONDAY}}/{{REVISIONYEAR}}'''
  
{{Template:SecureSoftware}}
+
[[ASDR_TOC_Vulnerabilities|Vulnerabilities Table of Contents]]
  
==Overview==
+
==Description==
  
 
Not using a random initialization vector with Cipher Block Chaining (CBC) Mode causes algorithms to be susceptible to dictionary attacks.
 
Not using a random initialization vector with Cipher Block Chaining (CBC) Mode causes algorithms to be susceptible to dictionary attacks.
  
==Consequences ==
+
'''Consequences'''
  
* Confidentiality: If the CBC is not properly initialized, data which is encrypted can be compromised and therefore be read.
+
* Confidentiality: If the CBC is not properly initialized, data which is encrypted can be compromised and therefore be read.
 +
* Integrity: If the CBC is not properly initialized, encrypted data could be tampered with in transfer or if it accessible.
 +
* Accountability: Cryptographic based authentication systems could be defeated.
  
* Integrity: If the CBC is not properly initialized, encrypted data could be tampered with in transfer or if it accessible.
+
'''Exposure period'''
  
* Accountability: Cryptographic based authentication systems could be defeated.
+
* Implementation: Many logic errors can lead to this condition if multiple data streams have common beginning sequences.
  
==Exposure period ==
+
'''Platform'''
  
* Implementation: Many logic errors can lead to this condition if multiple data streams have a common beginning sequences.
+
* Languages: Any
 +
* Operating platforms: Any
  
==Platform ==
+
'''Required resources'''
  
* Languages: Any
+
Any
  
* Operating platforms: Any
+
'''Severity'''
 
+
==Required resources ==
+
 
+
.Any
+
 
+
==Severity ==
+
  
 
High
 
High
  
==Likelihood   of exploit ==
+
'''Likelihood of exploit'''
  
 
Medium
 
Medium
  
==Avoidance and mitigation ==
+
CBC is the most commonly used mode of operation for a block cipher. It solves electronic code book's dictionary problems by XORing the ciphertext with plaintext. If it is used to encrypt multiple data streams, dictionary attacks are possible, provided that the streams have a common beginning sequence.
  
* Integrity: It is important to properly initialize CBC operating block ciphers or there use is lost.
+
==Risk Factors==
  
==Discussion ==
+
* Talk about the [[OWASP Risk Rating Methodology|factors]] that make this vulnerability likely or unlikely to actually happen
 +
* Discuss the technical impact of a successful exploit of this vulnerability
 +
* Consider the likely [business impacts] of a successful attack
  
CBC is the most commonly used mode of operation for a block cipher. It solves electronic code book's dictionary problems by XORing the ciphertext with plaintext. If it used to encrypt multiple data streams, dictionary attacks are possible, provided that the streams have a common beginning sequence.
 
  
==Examples ==
+
==Examples==
  
 
In C/C++:
 
In C/C++:
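Review bot: The added ==Risk Factors== section contains only the template's authoring prompts ("Talk about the factors ...", "Discuss the technical impact ...", "Consider the likely [business impacts] ...") and says nothing about this vulnerability; fill it in or leave the heading out until there is content. The same hunk drops the "==Avoidance and mitigation ==" and "==Discussion ==" headings, so the CBC paragraph now follows '''Likelihood of exploit''' / Medium with no heading of its own and reads as part of that field; give it a heading back.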
Line 81: Line 82:
 
</pre>
 
</pre>
  
==Related problems ==
 
  
Not available.
+
==Related [[Attacks]]==
  
==Categories ==
+
* [[Attack 1]]
 +
* [[Attack 2]]
  
[[Category:Vulnerability]]
 
  
[[Category:Protocol Errors]]
+
==Related [[Vulnerabilities]]==
 +
 
 +
* [[Vulnerability 1]]
 +
* [[Vulnerabiltiy 2]]
 +
 
 +
==Related [[Controls]]==
 +
 
 +
* Integrity: It is important to properly initialize CBC operating block ciphers or their use is lost.
 +
 
 +
==Related [[Technical Impacts]]==
 +
 
 +
* [[Technical Impact 1]]
 +
* [[Technical Impact 2]]
 +
 
 +
 
 +
==References==
 +
Note: A reference to related [http://cwe.mitre.org/ CWE] or [http://capec.mitre.org/ CAPEC] article should be added when exists. Eg:
 +
 
 +
* [http://cwe.mitre.org/data/definitions/79.html CWE 79].
 +
* http://www.link1.com
 +
* [http://www.link2.com Title for the link2]
 +
 
 +
 
 +
 
 +
__NOTOC__
 +
 
 +
 
 +
[[Category:OWASP ASDR Project]]
 +
[[Category:Vulnerability]]
 +
[[Category:Cryptographic Vulnerability]]
 +
[[Category:OWASP_CLASP_Project]]
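Review bot: The added ==References== section is still the template sample: CWE 79, http://www.link1.com and http://www.link2.com are unrelated to CBC initialization vectors and should be replaced with the CWE entry for this weakness or removed. The "Related" lists have the same problem, with placeholders such as [[Attack 1]], [[Technical Impact 1]] and the misspelled [[Vulnerabiltiy 2]]; the only real entry in these sections is the "Integrity:" bullet under ==Related [[Controls]]==.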

Latest revision as of 07:53, 27 February 2009

This is a Vulnerability. To view all vulnerabilities, please see the Vulnerability Category page.



Last revision (mm/dd/yy): 02/27/2009


Description

Not using a random initialization vector with Cipher Block Chaining (CBC) Mode causes algorithms to be susceptible to dictionary attacks.

Consequences

  • Confidentiality: If the CBC is not properly initialized, data which is encrypted can be compromised and therefore be read.
  • Integrity: If the CBC is not properly initialized, encrypted data could be tampered with in transfer or wherever it is accessible.
  • Accountability: Cryptography-based authentication systems could be defeated.

Exposure period

  • Implementation: Many logic errors can lead to this condition if multiple data streams have common beginning sequences.

Platform

  • Languages: Any
  • Operating platforms: Any

Required resources

Any

Severity

High

Likelihood of exploit

Medium

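CBC is the most commonly used mode of operation for a block cipher. It solves electronic codebook (ECB) mode's dictionary problem by XORing each plaintext block with the previous ciphertext block before encrypting it; for the first block, the initialization vector takes the place of the previous ciphertext. If CBC is used with the same IV to encrypt multiple data streams, dictionary attacks are possible, provided that the streams have a common beginning sequence.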
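An added example, not code from the original page, showing what an observer learns when two streams with a common beginning are encrypted in CBC mode under one key with a fixed IV, and how per-message random IVs remove it. XTEA is swapped in as a compact stand-in for the page's Blowfish/DES so the block builds without OpenSSL; the key, the two messages and the function names are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* XTEA (64-bit block, 32 cycles): stand-in for the page's Blowfish/DES. */
static void xtea_encrypt(uint32_t v[2], const uint32_t k[4]) {
    uint32_t v0 = v[0], v1 = v[1], sum = 0;
    for (int i = 0; i < 32; i++) {
        v0 += (((v1 << 4) ^ (v1 >> 5)) + v1) ^ (sum + k[sum & 3]);
        sum += 0x9E3779B9u;
        v1 += (((v0 << 4) ^ (v0 >> 5)) + v0) ^ (sum + k[(sum >> 11) & 3]);
    }
    v[0] = v0; v[1] = v1;
}

/* CBC: C[i] = E(P[i] XOR C[i-1]), with C[-1] = IV. Input is whole blocks. */
static void cbc_encrypt(const uint32_t key[4], const uint8_t iv[8],
                        const uint8_t *in, uint8_t *out, size_t nblocks) {
    uint8_t chain[8]; uint32_t v[2];
    memcpy(chain, iv, 8);
    for (size_t b = 0; b < nblocks; b++) {
        for (int i = 0; i < 8; i++) chain[i] ^= in[8 * b + i];
        memcpy(v, chain, 8);
        xtea_encrypt(v, key);
        memcpy(chain, v, 8);
        memcpy(out + 8 * b, chain, 8);
    }
}

/* Encrypts two constructed messages sharing a 16-byte prefix; returns the number of identical leading ciphertext blocks. */
size_t leaked_blocks(const uint8_t iv1[8], const uint8_t iv2[8]) {
    static const uint32_t key[4] = {0x01234567u, 0x89abcdefu, 0xfedcba98u, 0x76543210u}; /* constructed */
    const uint8_t *m1 = (const uint8_t *)"GET /account?id=00000001";
    const uint8_t *m2 = (const uint8_t *)"GET /account?id=00000002";
    uint8_t c1[24], c2[24]; size_t n = 0;
    cbc_encrypt(key, iv1, m1, c1, 3);
    cbc_encrypt(key, iv2, m2, c2, 3);
    while (n < 3 && memcmp(c1 + 8 * n, c2 + 8 * n, 8) == 0) n++;
    return n;
}

int main(void) {
    uint8_t zero[8] = {0}, r[16];
    FILE *f = fopen("/dev/urandom", "rb");  /* OS CSPRNG; RAND_bytes() with OpenSSL */
    if (!f || fread(r, 1, 16, f) != 16) return 1;
    fclose(f);
    printf("fixed IV: %zu shared blocks, random IVs: %zu\n", leaked_blocks(zero, zero), leaked_blocks(r, r + 8));
    return 0;
}
```

With the fixed IV the first two ciphertext blocks match, so the common prefix is visible without the key; the IV is not secret and is normally stored or sent alongside the ciphertext.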



Examples

In C/C++:

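#include <string.h>
#include <openssl/evp.h>
#include <openssl/rand.h>

/* Vulnerable: the key is random, but the IV is fixed to all zeros. */
int init_bf_cbc(EVP_CIPHER_CTX *ctx) {
    unsigned char key[EVP_MAX_KEY_LENGTH];
    unsigned char iv[EVP_MAX_IV_LENGTH];

    if (RAND_bytes(key, sizeof key) != 1)
        return 0;
    memset(iv, 0, EVP_MAX_IV_LENGTH);   /* constant IV: the flaw shown here */
    return EVP_EncryptInit(ctx, EVP_bf_cbc(), key, iv);
}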

In Java:

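import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.IvParameterSpec;

public class SymmetricCipherTest {
   public static void main(String[] args) throws Exception {
      byte[] text = "Secret".getBytes();
      // Vulnerable: constant all-zero IV
      byte[] iv = {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00};

      KeyGenerator kg = KeyGenerator.getInstance("DES");
      kg.init(56);
      SecretKey key = kg.generateKey();

      // CBC mode: ECB takes no IV, so init() would reject the IvParameterSpec
      Cipher cipher = Cipher.getInstance("DES/CBC/PKCS5Padding");
      IvParameterSpec ips = new IvParameterSpec(iv);
      cipher.init(Cipher.ENCRYPT_MODE, key, ips);
      byte[] ciphertext = cipher.doFinal(text);
   }
}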


Related Attacks


Related Vulnerabilities

Related Controls

  • Integrity: It is important to properly initialize CBC operating block ciphers or their use is lost.

Related Technical Impacts

