-
Notifications
You must be signed in to change notification settings - Fork 50
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request #491 from bugcrowd/VRT-update-Aug23-8
Addition of Side Channel Attack
- Loading branch information
Showing
18 changed files
with
204 additions
and
0 deletions.
There are no files selected for viewing
5 changes: 5 additions & 0 deletions
5
...ptographic_weakness/side-channel_attack/differential_fault_analysis/guidance.md
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,5 @@ | ||
| # Guidance | ||
|
|
||
| Provide a step-by-step walkthrough with a screenshot on how you exploited the vulnerability. This will speed triage time and result in faster rewards. Please include specific details on where you identified the differential fault analysis attack, how you identified it, and what actions you were able to perform as a result. | ||
|
|
||
| Attempt to escalate the vulnerability to perform additional actions. If this is possible, provide a full Proof of Concept (PoC). |
7 changes: 7 additions & 0 deletions
7
...hic_weakness/side-channel_attack/differential_fault_analysis/recommendations.md
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,7 @@ | ||
| # Recommendation(s) | ||
|
|
||
| Implement robust entropy for the cryptographic algorithms and ensure that the algorithms, protocols, and keys in place are kept up to date. Best practices includes uniform exception handling and ensuring that the system reverts to a known uniform state when faults occur. | ||
|
|
||
| For more information, refer to the following resource: | ||
|
|
||
| - <https://owasp.org/Top10/A02_2021-Cryptographic_Failures/> |
22 changes: 22 additions & 0 deletions
22
...ptographic_weakness/side-channel_attack/differential_fault_analysis/template.md
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,22 @@ | ||
| # Differential Fault Analysis | ||
|
|
||
| ## Overview of the Vulnerability | ||
|
|
||
| Cryptography is used to ensure secure storage and transmission of data. However, there are a number of best practices that must be followed to ensure the cryptography in use remains secure and does not result in the exposure of sensitive data. The application is vulnerable to a differential fault analysis attack as there are changes to the system's response to specially crafted fault conditions during specific steps of cryptographic operations. | ||
|
|
||
| ## Business Impact | ||
|
|
||
| This vulnerability can lead to reputational damage of the company through the impact to customers’ trust, and the ability of an attacker to view data. The severity of the impact to the business is dependent on the sensitivity of the accessible data being transmitted by the application. | ||
|
|
||
| ## Steps to Reproduce | ||
|
|
||
| 1. Enable a HTTP interception proxy, such as Burp Suite or OWASP ZAP | ||
| 1. Setup {{software}} to intercept and log requests | ||
| 1. Use a browser to navigate to: {{URL}} | ||
| 1. {{action}} to view unencrypted requests | ||
|
|
||
| ## Proof of Concept (PoC) | ||
|
|
||
| The following screenshot(s) demonstrate(s) this vulnerability: | ||
|
|
||
| {{screenshot}} |
5 changes: 5 additions & 0 deletions
5
...ption/cryptographic_weakness/side-channel_attack/emanations_attack /guidance.md
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,5 @@ | ||
| # Guidance | ||
|
|
||
| Provide a step-by-step walkthrough with a screenshot on how you exploited the vulnerability. This will speed triage time and result in faster rewards. Please include specific details on where you identified the emanations attack, how you identified it, and what actions you were able to perform as a result. | ||
|
|
||
| Attempt to escalate the vulnerability to perform additional actions. If this is possible, provide a full Proof of Concept (PoC). |
7 changes: 7 additions & 0 deletions
7
...ryptographic_weakness/side-channel_attack/emanations_attack /recommendations.md
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,7 @@ | ||
| # Recommendation(s) | ||
|
|
||
| Implement robust entropy for the cryptographic algorithms and ensure that the algorithms, protocols, and keys in place are kept up to date. Best practices includes uniform use of the system's processor cycles, power usage, and features across all steps of cryptographic operations. This ensures that the outcomes of cryptographic steps have a uniform emanations profile. | ||
|
|
||
| For more information, refer to the following resource: | ||
|
|
||
| - <https://owasp.org/Top10/A02_2021-Cryptographic_Failures/> |
22 changes: 22 additions & 0 deletions
22
...ption/cryptographic_weakness/side-channel_attack/emanations_attack /template.md
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,22 @@ | ||
| # Emanations Attack | ||
|
|
||
| ## Overview of the Vulnerability | ||
|
|
||
| Cryptography is used to ensure secure storage and transmission of data. However, there are a number of best practices that must be followed to ensure the cryptography in use remains secure and does not result in the exposure of sensitive data. The application is vulnerable to a emanations attack as there are changes to the electromagnetic emanations across the physical system when it is performing different steps of cryptographic operations. | ||
|
|
||
| ## Business Impact | ||
|
|
||
| This vulnerability can lead to reputational damage of the company through the impact to customers’ trust, and the ability of an attacker to view data. The severity of the impact to the business is dependent on the sensitivity of the accessible data being transmitted by the application. | ||
|
|
||
| ## Steps to Reproduce | ||
|
|
||
| 1. Enable a HTTP interception proxy, such as Burp Suite or OWASP ZAP | ||
| 1. Setup {{software}} to intercept and log requests | ||
| 1. Use a browser to navigate to: {{URL}} | ||
| 1. {{action}} to view unencrypted requests | ||
|
|
||
| ## Proof of Concept (PoC) | ||
|
|
||
| The screenshot below demonstrates the power emanations attack: | ||
|
|
||
| {{screenshot}} |
5 changes: 5 additions & 0 deletions
5
submissions/description/cryptographic_weakness/side-channel_attack/guidance.md
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,5 @@ | ||
| # Guidance | ||
|
|
||
| Provide a step-by-step walkthrough with a screenshot on how you exploited the vulnerability. This will speed triage time and result in faster rewards. Please include specific details on where you identified the side-channel attack, how you identified it, and what actions you were able to perform as a result. | ||
|
|
||
| Attempt to escalate the vulnerability to perform additional actions. If this is possible, provide a full Proof of Concept (PoC). |
5 changes: 5 additions & 0 deletions
5
...on/cryptographic_weakness/side-channel_attack/padding_oracle_attack/guidance.md
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,5 @@ | ||
| # Guidance | ||
|
|
||
| Provide a step-by-step walkthrough with a screenshot on how you exploited the vulnerability. This will speed triage time and result in faster rewards. Please include specific details on where you identified the padding oracle attack, how you identified it, and what actions you were able to perform as a result. | ||
|
|
||
| Attempt to escalate the vulnerability to perform additional actions. If this is possible, provide a full Proof of Concept (PoC). |
7 changes: 7 additions & 0 deletions
7
...tographic_weakness/side-channel_attack/padding_oracle_attack/recommendations.md
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,7 @@ | ||
| # Recommendation(s) | ||
|
|
||
| Implement robust entropy for the cryptographic algorithms and ensure that the algorithms, protocols, and keys in place are kept up to date. It is also best practice for applications to use nondescript error messages that do not vary between error types when decrypting user-supplied data. | ||
|
|
||
| For more information, refer to the following resource: | ||
|
|
||
| - <https://owasp.org/Top10/A02_2021-Cryptographic_Failures/> |
22 changes: 22 additions & 0 deletions
22
...on/cryptographic_weakness/side-channel_attack/padding_oracle_attack/template.md
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,22 @@ | ||
| # Padding Oracle Attack | ||
|
|
||
| ## Overview of the Vulnerability | ||
|
|
||
| A cryptographic weakness was identified which can allow an attacker to use a padding oracle attack to derive the encryption key. This is due to the application revealing information during the decryption process about the validity of the padding data. This can allow an attacker to break the confidentiality of requests sent to and from the endpoint. | ||
|
|
||
| ## Business Impact | ||
|
|
||
| This vulnerability can lead to reputational damage of the company through the impact to customers’ trust, and the ability of an attacker to view data. The severity of the impact to the business is dependent on the sensitivity of the accessible data being transmitted by the application. | ||
|
|
||
| ## Steps to Reproduce | ||
|
|
||
| 1. Enable a HTTP interception proxy, such as Burp Suite or OWASP ZAP | ||
| 1. Setup {{software}} to intercept and log requests | ||
| 1. Use a browser to navigate to: {{URL}} | ||
| 1. {{action}} to view unencrypted requests | ||
|
|
||
| ## Proof of Concept (PoC) | ||
|
|
||
| The screenshot below demonstrates the padding oracle attack: | ||
|
|
||
| {{screenshot}} |
5 changes: 5 additions & 0 deletions
5
...on/cryptographic_weakness/side-channel_attack/power_analysis_attack/guidance.md
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,5 @@ | ||
| # Guidance | ||
|
|
||
| Provide a step-by-step walkthrough with a screenshot on how you exploited the vulnerability. This will speed triage time and result in faster rewards. Please include specific details on where you identified the power analysis attack, how you identified it, and what actions you were able to perform as a result. | ||
|
|
||
| Attempt to escalate the vulnerability to perform additional actions. If this is possible, provide a full Proof of Concept (PoC). |
7 changes: 7 additions & 0 deletions
7
...tographic_weakness/side-channel_attack/power_analysis_attack/recommendations.md
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,7 @@ | ||
| # Recommendation(s) | ||
|
|
||
| Implement robust entropy for the cryptographic algorithms and ensure that the algorithms, protocols, and keys in place are kept up to date. Best practices includes separating the power consumption of a system from the state of cryptographic operations. This ensures that the outcomes of a cryptographic step (or multiple steps) are not observable through the power consumption of the system. | ||
|
|
||
| For more information, refer to the following resource: | ||
|
|
||
| - <https://owasp.org/Top10/A02_2021-Cryptographic_Failures/> |
22 changes: 22 additions & 0 deletions
22
...on/cryptographic_weakness/side-channel_attack/power_analysis_attack/template.md
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,22 @@ | ||
| # Power Analysis Attack | ||
|
|
||
| ## Overview of the Vulnerability | ||
|
|
||
| Cryptography is used to ensure secure storage and transmission of data. However, there are a number of best practices that must be followed to ensure the cryptography in use remains secure and does not result in the exposure of sensitive data. The application is vulnerable to a power analysis attack as there is uneven power consumption across the system when performing different steps of cryptographic operations. | ||
|
|
||
| ## Business Impact | ||
|
|
||
| This vulnerability can lead to reputational damage of the company through the impact to customers’ trust, and the ability of an attacker to view data. The severity of the impact to the business is dependent on the sensitivity of the accessible data being transmitted by the application. | ||
|
|
||
| ## Steps to Reproduce | ||
|
|
||
| 1. Enable a HTTP interception proxy, such as Burp Suite or OWASP ZAP | ||
| 1. Setup {{software}} to intercept and log requests | ||
| 1. Use a browser to navigate to: {{URL}} | ||
| 1. {{action}} to view unencrypted requests | ||
|
|
||
| ## Proof of Concept (PoC) | ||
|
|
||
| The screenshot below demonstrates the power analysis attack: | ||
|
|
||
| {{screenshot}} |
7 changes: 7 additions & 0 deletions
7
...sions/description/cryptographic_weakness/side-channel_attack/recommendations.md
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,7 @@ | ||
| # Recommendation(s) | ||
|
|
||
| Implement robust entropy for the cryptographic algorithms and ensure that the algorithms, protocols, and keys in place are kept up to date. | ||
|
|
||
| For more information, refer to the following resource: | ||
|
|
||
| - <https://owasp.org/Top10/A02_2021-Cryptographic_Failures/> |
22 changes: 22 additions & 0 deletions
22
submissions/description/cryptographic_weakness/side-channel_attack/template.md
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,22 @@ | ||
| # Side-Channel Attack | ||
|
|
||
| ## Overview of the Vulnerability | ||
|
|
||
| Cryptography is used to ensure secure storage and transmission of data. However, there are a number of best practices that must be followed to ensure the cryptography in use remains secure and does not result in the exposure of sensitive data. A cryptographic weakness was identified which can allow an attacker to use a side-channel attack to break the confidentiality and integrity of requests sent to and from the endpoint by deriving the encryption key through various methods. | ||
|
|
||
| ## Business Impact | ||
|
|
||
| This vulnerability can lead to reputational damage of the company through the impact to customers’ trust, and the ability of an attacker to view data. The severity of the impact to the business is dependent on the sensitivity of the accessible data being transmitted by the application. | ||
|
|
||
| ## Steps to Reproduce | ||
|
|
||
| 1. Enable a HTTP interception proxy, such as Burp Suite or OWASP ZAP | ||
| 1. Setup {{software}} to intercept and log requests | ||
| 1. Use a browser to navigate to: {{URL}} | ||
| 1. {{action}} to view unencrypted requests | ||
|
|
||
| ## Proof of Concept (PoC) | ||
|
|
||
| The screenshot below demonstrates the side-channel attack: | ||
|
|
||
| {{screenshot}} |
5 changes: 5 additions & 0 deletions
5
...escription/cryptographic_weakness/side-channel_attack/timing_attack/guidance.md
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,5 @@ | ||
| # Guidance | ||
|
|
||
| Provide a step-by-step walkthrough with a screenshot on how you exploited the vulnerability. This will speed triage time and result in faster rewards. Please include specific details on where you identified the timing attack, how you identified it, and what actions you were able to perform as a result. | ||
|
|
||
| Attempt to escalate the vulnerability to perform additional actions. If this is possible, provide a full Proof of Concept (PoC). |
7 changes: 7 additions & 0 deletions
7
...ion/cryptographic_weakness/side-channel_attack/timing_attack/recommendations.md
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,7 @@ | ||
| # Recommendation(s) | ||
|
|
||
| Implement robust entropy for the cryptographic algorithms and ensure that the algorithms, protocols, and keys in place are kept up to date. This includes ensuring that the application's cryptographic mechanisms take the same amount of time to complete regardless of the user-supplied input. | ||
|
|
||
| For more information, refer to the following resource: | ||
|
|
||
| - <https://owasp.org/Top10/A02_2021-Cryptographic_Failures/> |
22 changes: 22 additions & 0 deletions
22
...escription/cryptographic_weakness/side-channel_attack/timing_attack/template.md
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,22 @@ | ||
| # Timing Attack | ||
|
|
||
| ## Overview of the Vulnerability | ||
|
|
||
| Cryptography is used to ensure secure storage and transmission of data. However, there are a number of best practices that must be followed to ensure the cryptography in use remains secure and does not result in the exposure of sensitive data. The application is vulnerable to a timing attack as the time it takes to complete a cryptographic operation directly relates to user-supplied data. This allows an attacker to use a timing attack to derive the encryption key. | ||
|
|
||
| ## Business Impact | ||
|
|
||
| This vulnerability can lead to reputational damage of the company through the impact to customers’ trust, and the ability of an attacker to view data. The severity of the impact to the business is dependent on the sensitivity of the accessible data being transmitted by the application. | ||
|
|
||
| ## Steps to Reproduce | ||
|
|
||
| 1. Enable a HTTP interception proxy, such as Burp Suite or OWASP ZAP | ||
| 1. Setup {{software}} to intercept and log requests | ||
| 1. Use a browser to navigate to: {{URL}} | ||
| 1. {{action}} to view unencrypted requests | ||
|
|
||
| ## Proof of Concept (PoC) | ||
|
|
||
| The screenshot below demonstrates the timing attack: | ||
|
|
||
| {{screenshot}} |