CVE Vulnerabilities

CVE-2020-5408

Generation of Predictable IV with CBC Mode

Published: May 14, 2020 | Modified: Nov 21, 2024
CVSS 3.x
6.5
MEDIUM
Source:
NVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CVSS 2.x
4 MEDIUM
AV:N/AC:L/Au:S/C:P/I:N/A:N
RedHat/V2
RedHat/V3
Ubuntu
MEDIUM

Spring Security versions 5.3.x prior to 5.3.2, 5.2.x prior to 5.2.4, 5.1.x prior to 5.1.10, 5.0.x prior to 5.0.16 and 4.2.x prior to 4.2.16 use a fixed null initialization vector with CBC Mode in the implementation of the queryable text encryptor. A malicious user with access to the data that has been encrypted using such an encryptor may be able to derive the unencrypted values using a dictionary attack.

Weakness

The product generates and uses a predictable initialization Vector (IV) with Cipher Block Chaining (CBC) Mode, which causes algorithms to be susceptible to dictionary attacks when they are encrypted under the same key.

Affected Software

Name Vendor Start Version End Version
Spring_security Pivotal_software 5.2.0 (including) 5.2.4 (excluding)
Spring_security Pivotal_software 5.3.0 (including) 5.3.2 (excluding)
Spring_security Vmware 4.2.0 (including) 4.2.16 (excluding)
Spring_security Vmware 5.0.0 (including) 5.0.16 (excluding)
Spring_security Vmware 5.1.0 (including) 5.1.10 (excluding)
Libspring-security-2.0-java Ubuntu trusty *

Extended Description

CBC mode eliminates a weakness of Electronic Code Book (ECB) mode by allowing identical plaintext blocks to be encrypted to different ciphertext blocks. This is possible by the XOR-ing of an IV with the initial plaintext block so that every plaintext block in the chain is XOR’d with a different value before encryption. If IVs are reused, then identical plaintexts would be encrypted to identical ciphertexts. However, even if IVs are not identical but are predictable, then they still break the security of CBC mode against Chosen Plaintext Attacks (CPA).

Potential Mitigations

References