pysaml2

Do not use AES in CBC mode for encrypting the username in Cookies

Open jkakavas opened this issue 8 years ago • 2 comments

We currently use AES CBC by default in order to encrypt the username of the authenticated users in the encrypted session cookies. AES CBC protects only confidentiality and not the integrity (authenticity), and an attacker may be able to modify the encrypted value in order to authenticate as any other user.

We should use authenticated encryption instead.

jkakavas, Sep 11 '17 08:09

This may be as easy as specifying MODE_GCM as the default for https://github.com/rohe/pysaml2/blob/bc6d4cdacd0f66a68c2b0f7bdf9856387776dce8/src/saml2/aes.py#L31 and related calls in that file.

Commenting here as a pointer for anyone looking to implement, as well as for my own ToDo list.

007, Jan 08 '18 22:01

Luckily I use cookies inside a wrapper (django) to manage user sessions. I hope this topic has already had a follow-up given its delicacy.

peppelinux, Sep 06 '20 00:09
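The difference the issue describes, as an added example that is not pysaml2's code: a cookie sealed with AES-CBC still decrypts after a one-bit change, while the same change to an AES-GCM cookie is rejected. It uses the `cryptography` package rather than `saml2/aes.py`; the key, the function names and the `session-cookie` associated data are assumptions made for the illustration.

```python
import os
from cryptography.exceptions import InvalidTag
from cryptography.hazmat.primitives import padding
from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes
from cryptography.hazmat.primitives.ciphers.aead import AESGCM

KEY = os.urandom(32)    # constructed demo key, not a pysaml2 setting
AAD = b"session-cookie"  # hypothetical context label bound into the GCM tag


def cbc_seal(username: bytes) -> bytes:
    """Unauthenticated scheme: IV || AES-CBC(PKCS7(username))."""
    iv = os.urandom(16)
    padder = padding.PKCS7(128).padder()
    padded = padder.update(username) + padder.finalize()
    enc = Cipher(algorithms.AES(KEY), modes.CBC(iv)).encryptor()
    return iv + enc.update(padded) + enc.finalize()


def cbc_open(cookie: bytes) -> bytes:
    """Decrypts whatever it is given; nothing ties the bytes to the issuer."""
    iv, ct = cookie[:16], cookie[16:]
    dec = Cipher(algorithms.AES(KEY), modes.CBC(iv)).decryptor()
    padded = dec.update(ct) + dec.finalize()
    unpadder = padding.PKCS7(128).unpadder()
    return unpadder.update(padded) + unpadder.finalize()


def gcm_seal(username: bytes) -> bytes:
    """Authenticated scheme: nonce || AES-GCM ciphertext || 16-byte tag."""
    nonce = os.urandom(12)
    return nonce + AESGCM(KEY).encrypt(nonce, username, AAD)


def gcm_open(cookie: bytes):
    """Returns the username, or None when the tag does not verify."""
    try:
        return AESGCM(KEY).decrypt(cookie[:12], cookie[12:], AAD)
    except InvalidTag:
        return None


def flip_first_bit(cookie: bytes) -> bytes:
    """Simulates in-transit modification of a single bit of the cookie."""
    return bytes([cookie[0] ^ 0x01]) + cookie[1:]
```

With CBC the modified cookie comes back as a different, well-formed username, so the server cannot tell it was altered; with GCM the application sees `None` and can discard the session.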