Advisory: security issues in AWS KMS and AWS Encryption SDKs
I discovered and reported to Amazon the following security vulnerabilities affecting AWS KMS and all versions of AWS Encryption SDKs prior to version 2.0.0: Information leakage : an attacker can create ciphertexts that would leak the user’s AWS account ID, encryption context, user agent, and IP address upon decryption Ciphertext forgery : an attacker can create ciphertexts that are accepted by other users Robustness : an attacker can create ciphertexts that decrypt to different plaintexts for different users The first two bugs are somewhat surprising because they show that the ciphertext format can lead to vulnerabilities. These bugs (and the infamous alg: "None" bugs in JWT) belong to a class of vulnerabilities called in-band protocol negotiation . This is the second time we’ve found in-band protocol negotiation vulnerabilities in AWS cryptography libraries; see this bug in S3 Crypto SDK discovered by my colleague Sophie Schmieg. In JWT and S3 SDK the culprit is the algor...