Mastercard / client-encryption-python

Library for Mastercard API compliant payload encryption/decryption.
https://developer.mastercard.com/platform/documentation/security-and-authentication/securing-sensitive-data-using-payload-encryption/
MIT License

Insecure handling of padding during JWE decryption #19

Closed mtruscello closed 5 months ago

mtruscello commented 1 year ago

The logic for padding removal from JWE encryption is incorrect. The current code merely strips unprintable characters regardless of whether they belong to the padding or not: https://github.com/Mastercard/client-encryption-python/blob/5f8ecefabe293e15b2920fb103f87308a131882d/client_encryption/jwe_encryption.py#L99

For AES GCM this isn't an issue because the padding removal is handled automatically.
For modes that do care about padding (e.g. AES CBC) this is blindly removing characters under the assumption that A) they belong to the padding and B) that the padding is valid. This allows an attacker to spoof data much more easily because the padding is never validated and invalid JSON characters are being silently removed.

The pycryptodome library that this package uses contains padding utilities. I strongly recommend you use them.
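
An added example, not part of the original issue and not the project's code: it contrasts the stripping behaviour described above with strict PKCS#7 removal on already-decrypted CBC plaintext. The function names and sample bytes are constructed for illustration, and `unpad_pkcs7` is a standard-library stand-in for the check that pycryptodome's `Crypto.Util.Padding.unpad(data, 16)` performs.

```python
import json

BLOCK = 16  # AES block size in bytes


def strip_unprintable(plaintext: bytes) -> str:
    """Hypothetical stand-in for the behaviour the issue describes: drop
    every unprintable character, whether or not it is padding."""
    return "".join(c for c in plaintext.decode("utf-8") if c.isprintable())


def unpad_pkcs7(plaintext: bytes, block_size: int = BLOCK) -> bytes:
    """Strict PKCS#7 removal: validate the padding, then remove only it."""
    if not plaintext or len(plaintext) % block_size:
        raise ValueError("length is not a positive multiple of the block size")
    n = plaintext[-1]
    if n < 1 or n > block_size or plaintext[-n:] != bytes([n]) * n:
        raise ValueError("invalid PKCS#7 padding")
    return plaintext[:-n]


def parse_lenient(plaintext: bytes) -> dict:
    return json.loads(strip_unprintable(plaintext))


def parse_strict(plaintext: bytes) -> dict:
    # json.loads rejects raw control characters inside strings (ValueError).
    return json.loads(unpad_pkcs7(plaintext).decode("utf-8"))


# Constructed samples of decrypted CBC plaintext (not real traffic).
VALID = b'{"amount":"10"}' + b"\x01"                  # well-formed, 1 pad byte
BAD_PADDING = b'{"amount":"10\x020"}' + b"\x00" * 15  # padding is not PKCS#7
BAD_BODY = b'{"amount":"10\x020"}' + b"\x0f" * 15     # valid padding, control byte in body

if __name__ == "__main__":
    for name, sample in [("VALID", VALID), ("BAD_PADDING", BAD_PADDING),
                         ("BAD_BODY", BAD_BODY)]:
        print(name, "lenient:", parse_lenient(sample))
        try:
            print(name, "strict: ", parse_strict(sample))
        except ValueError as exc:
            print(name, "strict rejected:", exc)
```

Padding validation is not an integrity check: in JWE the CBC content-encryption algorithms carry an HMAC tag, and that tag has to be verified before the plaintext is unpadded.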

NehaSony commented 5 months ago

Hi @mtruscello, thanks for reporting this. This should be available from the next version onwards.