Practical Padding Oracle Attacks

At Eurocrypt 2002, Vaudenay introduced a powerful side-channel attack, which is called padding oracle attack, against CBC-mode encryption. By giving an oracle which on receipt of a ciphertext, decrypting it and then replying to the sender whether the padding is correct or not, he shows that is possible to efficiently decrypt data without knowing the encryption key. In this paper, we turn the padding oracle attack into a new set of practical web hacking techniques.

Click this bar to view the full image.

Flickr offers a relatively comprehensive web-service API that allows programmers to build applications which could perform virtually any functionality a Flickr internet site can do. Users need to be authenticated while using Flickr Authentication API. Any applications wishing to use the Flickr Authentication API must have already obtained a Flickr’s API Key. An 8-byte extended ‘shared secret’ for ones API Key is then issued by Flickr and can not be changed by the users. This secret is applied during the signing process, that is certainly required for all API calls utilizing an authentication token. This advisory describes a vulnerability during the signing process that allows an attacker to build valid signatures with out knowing the shared secret. By exploiting this vulnerability, an attacker can send valid arbitrary requests on behalf of any computer software utilizing Flickr’s API

Download Padding Oracle Exploit Tool Here