Practical Padding Oracle Attacks

This paper discusses how cryptography is misused in the security design of a large part of the Web. Our focus is on ASP.NET, the web application framework developed by Microsoft that powers 25% of all Internet web sites. We show that attackers can abuse multiple cryptographic design flaws to compromise ASP.NET web applications. We describe practical and highly efficient attacks that allow attackers to steal cryptographic secret keys and forge authentication tokens to access sensitive information. The attacks combine decryption oracles, unauthenticated encryptions, and the reuse of keys for different encryption purposes. Finally, we give some reasons why cryptography is often misused in web technologies, and recommend steps to avoid these mistakes.

2011 IEEE Symposium on Security and Privacy - Cryptography in the Web: The Case of Cryptographic Design Flaws in ASP.NET

ekoparty 2010 slides - The ASP.NET Vulnerability

At Eurocrypt 2002, Vaudenay introduced a powerful side-channel attack, which is called padding oracle attack, against CBC-mode encryption. By giving an oracle which on receipt of a ciphertext, decrypting it and then replying to the sender whether the padding is correct or not, he shows that is possible to efficiently decrypt data without knowing the encryption key. In this paper, we turn the padding oracle attack into a new set of practical web hacking techniques.

WOOT'10 4th USENIX Workshop on Offensive Technologies

Blackhat Europe 2010 slides