AES-CBC and Avoiding Padding Oracles in CFML

This is a topic that I’ve covered in a few conference presentations, but I finally got around to writing a more detailed blog post about it. AES-CBC is arguably the best choice when selecting a native encryption algorithm in ColdFusion. However, an incorrect implementation can still put your application at risk. If you use AES-CBC (or another block cipher operating in CBC mode) to decrypt user-controlled ciphertext, validate the ciphertext with an HMAC or similar integrity check prior to decryption to avoid being vulnerable to a Padding Oracle Attack. All user-controlled input is untrusted and can be dangerous, even if it is encrypted data.

The full blog post is available here - Hoya Haxa: On ColdFusion, AES, and Padding Oracle Attacks: Hic Sunt Dracones. Comments, feedback, and questions welcome.

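An encrypt-then-MAC wrapper around CFML's native AES-CBC, illustrating the advice in the post above: the HMAC is verified before `decrypt()` is ever called. This is an added example, not code from the original post or the linked blog; the function names `sealToken` and `openToken`, the token layout, and the use of two independent Base64 keys are assumptions made for illustration.

```cfml
<cfscript>
// Added example (not from the original post). sealToken/openToken and the
// "ivAndCiphertextHex.tagHex" layout are hypothetical names chosen here.
// encKey and macKey are independent Base64 keys from generateSecretKey().

function sealToken(required string plaintext, required string encKey, required string macKey) {
    // Fresh random 16-byte IV for every message.
    var iv = binaryDecode(generateSecretKey("AES", 128), "base64");
    var ctHex = encrypt(arguments.plaintext, arguments.encKey, "AES/CBC/PKCS5Padding", "Hex", iv);
    // The MAC covers IV and ciphertext, so neither can be altered undetected.
    var body = lCase(binaryEncode(iv, "hex") & ctHex);
    var tag = lCase(hmac(body, binaryDecode(arguments.macKey, "base64"), "HmacSHA256"));
    return body & "." & tag;
}

function openToken(required string token, required string encKey, required string macKey) {
    var parts = listToArray(arguments.token, ".");
    // Shape check: IV plus at least one 16-byte block, and a 32-byte tag.
    if (arrayLen(parts) != 2
        || !reFind("^([0-9a-f]{32}){2,}$", parts[1])
        || !reFind("^[0-9a-f]{64}$", parts[2])) {
        throw(type="InvalidToken", message="Invalid token");
    }
    var expected = hmac(parts[1], binaryDecode(arguments.macKey, "base64"), "HmacSHA256");
    // Compare tags with java.security.MessageDigest.isEqual rather than eq/compare().
    var md = createObject("java", "java.security.MessageDigest");
    if (!md.isEqual(binaryDecode(expected, "hex"), binaryDecode(parts[2], "hex"))) {
        // Same error as a malformed token: the caller learns nothing more.
        throw(type="InvalidToken", message="Invalid token");
    }
    // Only ciphertext that passed the HMAC check ever reaches decrypt().
    var iv = binaryDecode(left(parts[1], 32), "hex");
    var ctHex = mid(parts[1], 33, len(parts[1]) - 32);
    return decrypt(ctHex, arguments.encKey, "AES/CBC/PKCS5Padding", "Hex", iv);
}

// Constructed demo values.
encKey = generateSecretKey("AES", 128);
macKey = generateSecretKey("AES", 256);
token  = sealToken("user=42", encKey, macKey);
writeOutput(openToken(token, encKey, macKey));
</cfscript>
```

Because every rejected token raises the same `InvalidToken` error before decryption, padding failures are never observable to whoever supplied the ciphertext.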