jeremychoi
commented
8 months ago @tomato42 thanks for creating this issue. Just to clarify, are you suggesting we add a test for it?
Open tomato42 opened 8 months ago
jeremychoi
commented
8 months ago @tomato42 thanks for creating this issue. Just to clarify, are you suggesting we add a test for it?
tomato42
commented
8 months ago are you suggesting we add a test for it?
yes
jeremychoi
commented
8 months ago @tomato42 sounds great. Wondering if you would be able to contribute firsthand? What's needed is, a business logic is implemented with two options: either 1. commit to the upstream ZAP project(adding a scan rule or custom script) then RapiDAST will run it with its ZAP configuration or 2. create your own script file and run it with RapiDAST using the generic scanner configuration. (1) might be beneficial in this case as ZAP can provide you with its API handling mechanism.
tomato42
commented
8 months ago sorry, I definitely won't have time to do that any time soon; I'm still handling the CVEs around Marvin
JSON Web Encryption (RFC7516) specifies tokens encrypted with RSAES-PKCS1-v1_5 padding using
RSA1_5.Based on recent results in the Marvin Attack, it's highly unlikely that any API that accepts RSAES-PKCS1-v1_5 encrypted ciphertexts is actually safe against timing variants of the Bleichenbacher attack.
As such, acceptance of such ciphertexts should be recognised as a vulnerability. Use of this algorithm for backwards compatibility is invalid, as the WebCrypto JavaScript API provided by all currently supported browsers supports only OAEP padding (alg id of
RSA-OAEP).Implementations of XMLEnc are also likely vulnerable, but I don't know if it's similarly standardised for use in web APIs as JWE is.