CVE-2023-48051: Cryptographic API Misuse Vulnerability: Do not use insecure algorithm(textbook or padding PKCS 1v1.5) for RSA · Issue #38 · Carglglz/upydev
An issue in /upydev/keygen.py in upydev v0.4.3 allows attackers to decrypt sensitive information via weak encryption padding.
Description:
In the upydev repository, specifically within the keygen.py script, the RSA algorithm is implemented with PKCS 1v1.5 padding, which is known to be insecure and vulnerable to the [Bleichenbacher](https://link.springer.com/content/pdf/10.1007/bfb0055716.pdf) attack, a chosen-ciphertext attack that exploits weaknesses in the RSA PKCS1v1.5 padding scheme. The use of this padding scheme can lead to security issues where an attacker may exploit the vulnerability to decipher encrypted messages or forge signatures.
Affected Version
upydev 0.4.3
Location:
https://github.com/Carglglz/upydev/blob/master/upydev/keygen.py#L919
https://github.com/Carglglz/upydev/blob/master/upydev/keygen.py#L1176
https://github.com/Carglglz/upydev/blob/master/upydev/keygen.py#L1253
https://github.com/Carglglz/upydev/blob/master/upydev/keygen.py#L1311
https://github.com/Carglglz/upydev/blob/master/upydev/keygen.py#L1125
Expected Behavior:
The cryptographic module should utilize a secure padding scheme for RSA such as OAEP (Optimal Asymmetric Encryption Padding) which is currently recommended as a safer alternative to PKCS 1v1.5.
Actual Behavior:
The current implementation of the RSA encryption and signature verification in keygen.py uses PKCS 1v1.5 padding, which is outdated and has known vulnerabilities that compromise the security of cryptographic operations.
Reference:
CWE-780: Use of RSA Algorithm without OAEP
Recommendations:
It is recommended to use OAEP (Optimal Asymmetric Encryption Padding) as the encryption scheme and PSS (Probabilistic Signature Scheme) as the signature scheme, as they offer better security.
1. Refactor the RSA implementation to use OAEP padding for encryption and PSS padding for signatures, both of which are provided by the RSA modules in standard libraries such as PyCryptodome and cryptography.io.
2. Conduct a thorough audit of the cryptographic operations throughout the application to ensure that secure practices are being followed.
It’s crucial for the security of upydev users that this issue is addressed promptly, as cryptographic weaknesses can have severe implications for the privacy and integrity of communications facilitated by this tool.
```python
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import padding, rsa

# Key generation added so the snippet runs stand-alone
private_key = rsa.generate_private_key(public_exponent=65537, key_size=2048)
public_key = private_key.public_key()

message = b"encrypted data"
# OAEP with SHA-256 (hash and MGF1) replaces padding.PKCS1v15()
ciphertext = public_key.encrypt(
    message,
    padding.OAEP(
        mgf=padding.MGF1(algorithm=hashes.SHA256()),
        algorithm=hashes.SHA256(),
        label=None,
    ),
)
```
https://cryptography.io/en/latest/hazmat/primitives/asymmetric/rsa/#encryption
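The following is an added example (not upydev's code) of the recommended replacement for both call sites: OAEP for encryption/decryption and PSS for signing/verification using cryptography.io, with a round-trip check and a tamper check. The helper names and the sample message are constructed for illustration.

```python
# Added example, not part of upydev: RSA-OAEP encryption and RSA-PSS signatures
# with cryptography.io, replacing padding.PKCS1v15() at the affected call sites.
from cryptography.exceptions import InvalidSignature
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import padding, rsa

# OAEP with SHA-256 for both the hash and MGF1 (parameters must match on both sides)
OAEP = padding.OAEP(mgf=padding.MGF1(algorithm=hashes.SHA256()),
                    algorithm=hashes.SHA256(), label=None)


def pss_padding() -> padding.PSS:
    """PSS with a fresh random salt per signature (probabilistic, unlike PKCS1v15)."""
    return padding.PSS(mgf=padding.MGF1(hashes.SHA256()),
                       salt_length=padding.PSS.MAX_LENGTH)


def encrypt(public_key: rsa.RSAPublicKey, message: bytes) -> bytes:
    return public_key.encrypt(message, OAEP)


def decrypt(private_key: rsa.RSAPrivateKey, ciphertext: bytes) -> bytes:
    # Raises ValueError on any padding/ciphertext error, with no detail leaked
    return private_key.decrypt(ciphertext, OAEP)


def sign(private_key: rsa.RSAPrivateKey, message: bytes) -> bytes:
    return private_key.sign(message, pss_padding(), hashes.SHA256())


def verify(public_key: rsa.RSAPublicKey, message: bytes, signature: bytes) -> bool:
    try:
        public_key.verify(signature, message, pss_padding(), hashes.SHA256())
        return True
    except InvalidSignature:
        return False


def roundtrip_demo() -> dict:
    """Constructed check: encrypt/decrypt and sign/verify with a fresh 2048-bit key."""
    key = rsa.generate_private_key(public_exponent=65537, key_size=2048)
    pub = key.public_key()
    msg = b"sample session key material"  # constructed sample input
    ct, sig = encrypt(pub, msg), sign(key, msg)
    try:  # flip one ciphertext bit: OAEP decoding must reject it
        decrypt(key, ct[:-1] + bytes([ct[-1] ^ 1]))
        ct_tamper_rejected = False
    except ValueError:
        ct_tamper_rejected = True
    return {"decrypted_ok": decrypt(key, ct) == msg,
            "ciphertexts_differ": encrypt(pub, msg) != ct,  # OAEP is randomized
            "signature_ok": verify(pub, msg, sig),
            "tampered_msg_rejected": not verify(pub, msg + b"x", sig),
            "tampered_ct_rejected": ct_tamper_rejected}


if __name__ == "__main__":
    print(roundtrip_demo())
```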
Please let me know if you require any further information or assistance in addressing this issue.