
CVE-2021-29445: Padding Oracle Attack due to Observable Timing Discrepancy in jose-node-esm-runtime

CVSS Score (v3.1): 5.9

Basic Information

EPSS Score: 0.59538%
Published: 4/19/2021
Updated: 3/17/2023
KEV Status: No
Technology: JavaScript

Technical Details

CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Package Name: jose-node-esm-runtime
Ecosystem: npm
Vulnerable Versions: < 3.11.4
First Patched Version: 3.11.4

Vulnerability Intelligence

Root Cause Analysis (Miggo AI)

The vulnerability stems from an incorrect execution order in AES_CBC_HMAC_SHA2 decryption. The advisory explicitly states that HMAC tag verification and CBC decryption were both always executed; the timing discrepancy between a padding error (raised by the CBC decryption step) and an HMAC failure is what creates the oracle. The standard JWE decryption flow for these algorithms would be implemented in a single function handling both operations, likely named something like hybridDecrypt in the AES-CBC-HMAC context. The high confidence comes from: 1) the vulnerability description matches that function's responsibility; 2) the patch specifically changes the operation order; 3) this aligns with JWE specification implementation patterns in JOSE libraries.
