Joomla! Issue Tracker - CMS

Download
Launch
Feeling Lucky

[#8328] - JCryptCipherMcrypt::decrypt() - Data Corruption via trim()

?
avatar paragonie-scott
paragonie-scott
8 Nov 2015

https://github.com/joomla/joomla-cms/blob/ec8a72f4cd0519786b9001dd3dd593131e7d32d2/libraries/joomla/crypt/cipher/mcrypt.php#L73

Depending on how the data is formatted prior to encryption, we can lose information after decrypting a message.

Proof of Concept: https://3v4l.org/bSoNu

Recommendation: Use PKCS7 padding before encryption, don't use trim() or rtrim(); actually remove the padding carefully.

avatar paragonie-scott paragonie-scott - open - 8 Nov 2015
avatar paragonie-scott
paragonie-scott - comment - 9 Nov 2015

Note: PKCS7 padding without authenticating the ciphertext doesn't change the security level, but it does guarantee a valid result.

avatar PhilETaylor
PhilETaylor - comment - 9 Nov 2015

@paragonie-scott Would you be able to provide a mergeable pull request with the changes you are proposing please? Code speaks louder than comments :-)

avatar zero-24 zero-24 - change - 9 Nov 2015
Labels Added: ?
avatar zero-24 zero-24 - change - 9 Nov 2015
Category Libraries
avatar mbabker
mbabker - comment - 12 Nov 2015

@joomla/security Some help on this issue would be appreciated. I'm in over my head on this.

avatar roland-d
roland-d - comment - 13 Nov 2015

Closing this issue as we have a pull request #8406 Thanks @paragonie-scott

avatar roland-d roland-d - change - 13 Nov 2015
Status New Closed
Closed_Date 0000-00-00 00:00:00 2015-11-13 21:19:04
Closed_By roland-d
avatar roland-d roland-d - close - 13 Nov 2015

Add a Comment

Login with GitHub to post a comment