8000 GitHub - edutko/crypto-fails
[go: up one dir, main page]
More Web Proxy on the site http://driver.im/
Skip to content

edutko/crypto-fails

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

1 Commit
assets
assets
 
 
build/server
build/server
 
 
cmd/server
cmd/server
 
 
internal
internal
 
 
scripts
scripts
 
 
web/static
web/static
 
 
.gitignore
.gitignore
 
 
Makefile
Makefile
 
 
README.md
README.md
 
 
go.mod
go.mod
 
 
go.sum
go.sum
 
 

Repository files navigation

crypto-fails

A moderately realistic encrypted file storage/sharing app full of cryptographic vulnerabilities

Included vulnerabilities

  • CBC bit-flipping on encrypted session cookie
  • CBC padding oracle on encrypted session cookie
  • Weak HMAC secret key for signing API tokens
  • Accepts "alg": "none" in API token
  • JWT header injection via jwk or jku in API token
  • Algorithm confusion (RS256 vs HS256) in API token
  • Non-canonical encoding in API token revocation list
  • Nonce reuse in CTR mode in encrypted files
  • Unauthenticated ciphertext (CTR mode) in encrypted files
  • Length-extension on SHA-256 MAC in sharing links

About

No description, website, or topics provided.

Resources

Readme
Activity

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

1 tags

Packages

No packages published

Languages
0