Hello security folks, in this article we will find out insecure implementation of CryptoJS. CryptoJS is collection of cryptographic algorithm implemented in JavaScript.
Many web applications use cryptographic algorithm to encrypt sensitive data like password, Personal Identification Information.
Lets look at today’s example which has weak implementation of CryptoJS.
Step 1: Verify implementation of encryption in request
Observe above image; it shows that pass parameter is not in clear text.
Using URL decoder yields a cipher text.
Step 2: Identify encryption algorithm and implemented JavaScript utility.
Find out algorithm information in webpage and JavaScript.
This application is using AES128, mode:CBC and CryptoJS utility.
Step 3: Finding secret key
AES is symmetric encryption algorithm. It use single key for encryption and decryption.
Lets find out secret information to decrypt cipher text.
Bingo!! Key and iv is hardcoded in Login.aspx page. It is 8080808080808080
Step 4: Decrypt sensitive data
I have cipher text, secret key and algorithm information. Its time to decrypt cipher text. I am using online AES tool to decrypt data.
Enter Cipher text, Key, IV, select mode and key size
Hurrey!!! got cleartext password.
This technique can be use to retrieve sensitive data from cipher text
Conclusion:
AES is symmetric encryption algorithm, single key is used to encrypt and decrypt cipher text.
Hardcoded secret key can be found in webpage or JavaScript.
Recommendation:
Developers are recommended to use asymmetric algorithm like RSA to encrypt sensitive data.
Store secret key safely on server and use public key to encrypt sensitive data
Link to Insecure implementation of CryptoJS encryption Part II
