CVE-2020-8911
plaintext revealing vulnerability vulnerability in aws-sdk-go (Go)
What is CVE-2020-8911 About?
The golang AWS S3 Crypto SDK prior to V1.34.0 is impacted by a padding oracle vulnerability when using AES-CBC encryption without a MAC. This can lead to loss of confidentiality and message forgery for encrypted data. Exploiting this requires write access to the S3 bucket, access to an endpoint revealing decryption failures, and significant queries.
Affected Software
Technical Details
The golang AWS S3 Crypto SDK, specifically V1 prior to 1.34.0, is vulnerable when using AES-CBC encryption without a Message Authentication Code (MAC) for data integrity. This configuration exposes a padding oracle vulnerability. An attacker with write access to the S3 bucket can modify ciphertext blocks and observe whether an endpoint attempting to decrypt the data reports a padding error (without revealing the plaintext itself). By systematically sending modified ciphertexts and observing the oracle's response, the attacker can reconstruct the original plaintext using a padding oracle attack, requiring on average 128 * length(plaintext) queries. This allows for both loss of confidentiality and potential message forgery.
What is the Impact of CVE-2020-8911?
Successful exploitation may allow attackers to disclose the plaintext of encrypted data and forge messages, leading to severe confidentiality breaches and data integrity compromise.
What is the Exploitability of CVE-2020-8911?
Exploiting this padding oracle vulnerability is highly complex and requires several specific conditions. The attacker must have write access to the target S3 bucket, allowing them to upload modified ciphertexts. Critically, the attacker also needs access to an oracle—an endpoint that performs decryption and reveals whether decryption failed due to incorrect padding, without exposing the plaintext. No specific authentication or privilege beyond S3 write access and oracle access is stated. This is a remote exploitation scenario, relying on interaction with S3 and a decryption service. The attack is computationally intensive, requiring a large number of queries to reconstruct the plaintext, making it time-consuming. The vulnerability is only present if AES-CBC encryption was chosen without MAC, and not AES-GCM.
What are the Known Public Exploits?
| PoC Author | Link | Commentary |
|---|---|---|
| No known exploits | ||
What are the Available Fixes for CVE-2020-8911?
Available Upgrade Options
- github.com/aws/aws-sdk-go
- <1.34.0 → Upgrade to 1.34.0
Struggling with dependency upgrades?
See how Resolved Security's drop-in replacements make it simple.
Book a demoAdditional Resources
- https://github.com/google/security-research/security/advisories/GHSA-f5pg-7wfw-84q9
- https://github.com/google/security-research/security/advisories/GHSA-f5pg-7wfw-84q9
- https://github.com/sophieschmieg/exploits/tree/master/aws_s3_crypto_poc
- https://pkg.go.dev/vuln/GO-2022-0646
- https://github.com/aws/aws-sdk-go/pull/3403
- https://aws.amazon.com/blogs/developer/updates-to-the-amazon-s3-encryption-client/?s=09
- https://github.com/aws/aws-sdk-go/commit/ae9b9fd92af132cfd8d879809d8611825ba135f4
- https://bugzilla.redhat.com/show_bug.cgi?id=1869800
- https://osv.dev/vulnerability/GO-2022-0646
- https://github.com/aws/aws-sdk-go/pull/3403
What are Similar Vulnerabilities to CVE-2020-8911?
Similar Vulnerabilities: CVE-2020-8912 , CVE-2016-2107 , CVE-2019-15605 , CVE-2019-16934 , CVE-2019-15606
