Description
Hi team,
There might be a potential security issue in ninja-core/src/main/java/ninja/utils/CookieEncryption.java (ninja-core 7.0.0, the latest version) that I want to report and check with you guys.
Security risk:
In the function encrypt(), when AES is specified as the cipher algorithm without any further settings, AES/ECB/PKCS5Padding is used by default.

However, ECB as a block cipher mode is not secure, as it encrypts each block independently without any IV.
Patterns in the plaintext can be easily observed in the ciphertext if similar blocks are present, which is a significant security weakness.
In Ninja's case the weakness could lead to leakage of sensitive information in session data when encryption mode is used.
Proof Of Concept:
I will use the unit test case under src/test/java/ninja/utils/CookieEncryptionTest.java here as an example.
We've got 16 'a's, 16 'b's, 16 'c's, and another 16 'b's at the end, which is 64 characters in total as a string to encrypt.

As said before we'll see the pattern in the ciphertext as well.
Encrypt it and check the ciphertext before Base64 encoding:

As we can see, the same plaintext block generates an identical 16-byte ciphertext block.
Recommendation:
You could specify the cipher mode explicitly and consider using more secure cipher modes. This is only an example and might not apply to this case:

```java
SecretKeySpec key = new SecretKeySpec(keyBytes, "AES");
// GCM is an AEAD mode and takes no padding; it also needs a fresh, unique IV per encryption.
byte[] iv = new byte[12];
new SecureRandom().nextBytes(iv);
Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding"); // works with the standard JDK provider, no "BC" needed
cipher.init(Cipher.ENCRYPT_MODE, key, new GCMParameterSpec(128, iv));
// The IV must be stored or sent alongside the ciphertext so it can be decrypted later.
```
That's pretty much the security issue I found.
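As an added example (not code from this issue or from the Ninja project), the following reproduces the block repetition shown in the PoC and contrasts it with the GCM form of the recommendation, using only the standard JDK provider; the key and plaintext are constructed for the demo.

```java
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Arrays;
import java.util.HashSet;
import java.util.Set;
import javax.crypto.Cipher;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;

public class EcbVsGcmDemo {
    // Constructed 16-byte demo key; a real application derives its key from configuration.
    static final SecretKeySpec KEY =
            new SecretKeySpec("0123456789abcdef".getBytes(StandardCharsets.US_ASCII), "AES");
    // Same plaintext as the issue's test case: 16 'a', 16 'b', 16 'c', then 16 'b' again.
    static final byte[] PLAINTEXT =
            ("a".repeat(16) + "b".repeat(16) + "c".repeat(16) + "b".repeat(16))
                    .getBytes(StandardCharsets.US_ASCII);
    // Counts 16-byte ciphertext blocks that repeat an earlier one; under ECB the two 'b' blocks collide.
    static int duplicateBlocks(byte[] ct) {
        Set<String> seen = new HashSet<>();
        int dups = 0;
        for (int i = 0; i + 16 <= ct.length; i += 16) {
            if (!seen.add(Arrays.toString(Arrays.copyOfRange(ct, i, i + 16)))) dups++;
        }
        return dups;
    }
    // What Cipher.getInstance("AES") resolves to in the JDK: AES/ECB/PKCS5Padding.
    static byte[] encryptEcb(byte[] pt) throws Exception {
        Cipher c = Cipher.getInstance("AES/ECB/PKCS5Padding");
        c.init(Cipher.ENCRYPT_MODE, KEY);
        return c.doFinal(pt);
    }
    // Recommended form: AES/GCM/NoPadding with a fresh random 12-byte IV, prepended to the
    // ciphertext so the decrypting side can recover it; GCM appends the 128-bit auth tag itself.
    static byte[] encryptGcm(byte[] pt) throws Exception {
        byte[] iv = new byte[12];
        new SecureRandom().nextBytes(iv);
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, KEY, new GCMParameterSpec(128, iv));
        byte[] ct = c.doFinal(pt);
        byte[] out = Arrays.copyOf(iv, iv.length + ct.length);
        System.arraycopy(ct, 0, out, iv.length, ct.length);
        return out;
    }
    public static void main(String[] args) throws Exception {
        System.out.println("ECB duplicate blocks: " + duplicateBlocks(encryptEcb(PLAINTEXT)));
        System.out.println("GCM duplicate blocks: " + duplicateBlocks(encryptGcm(PLAINTEXT)));
    }
}
```

The ECB output contains a repeated block because the two runs of 'b' encrypt to identical ciphertext; the GCM output has none, since the keystream depends on the IV and block position.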

