The encrypted data is not authenticated, which allows easy manipulation of the ciphertext with predictable changes to the plaintext. This is especially bad because unauthenticated AES-CBC often leads to padding oracle attacks, which allow an active adversary to recover the plaintext.
How to fix:
Apply a secure message authentication code (MAC) such as HMAC-SHA256 over the IV and the ciphertext (encrypt-then-MAC). Always verify the MAC BEFORE decrypting the ciphertext.
Alternatively, use an AEAD scheme such as AES-GCM or ChaCha20-Poly1305.