CVE-2020-8897 SSRF Vulnerability in AWS KMS and Encryption SDK

Virsec Security Research Lab Vulnerability Analysis

The Virsec Security Research Lab provides a detailed analysis on recent and notable security vulnerabilities.

Vulnerability Summary

A weak robustness vulnerability exists in the AWS Encryption SDKs for Java, Python, C, and JavaScript prior to versions 2.0.0. Due to the non-committing property of AES-GCM (and other AEAD ciphers such as AES-GCM-SIV or (X)ChaCha20Poly1305) used by the SDKs to encrypt messages, an attacker can craft a unique cyphertext which will decrypt to multiple different results, and becomes especially relevant in a multi-recipient setting.

A researcher, Thai Duong, at Google reported that the Amazon Encryption SDK prior to v2.0.0 suffered from the following issues:

  • Information leakage: an attacker can create ciphertexts that would leak the user’s AWS account ID, encryption context, user agent, and IP address upon decryption

  • Ciphertext forgery: an attacker can create ciphertexts that are accepted by other users

  • Robustness: an attacker can create ciphertexts that decrypt to different plaintexts for different users

Because the key ID is used to determine which decryption key to use, it cannot be meaningfully authenticated despite being under the attacker’s control. If the key ID is a URL indicating where to fetch the key, the attacker can replace it with their own URL, and learn side-channel information such as the timing and machines on which the decryption happens. In AWS, the key ID is a unique Amazon Resource Name. If an attacker were to capture a ciphertext from a user and replace its key ID with their own, the victim’s AWS account ID, encryption context, user agent, and IP address would be logged to the attacker’s AWS account whenever the victim attempted to decrypt the modified ciphertext.

Watch the video to learn more about this and other important vulnerabilities.

CVSS Score

The CVSS Base score of this vulnerability has not yet been assigned by NVD. Thai Duong believes the severity is low at 4.8.

Affected Version

AWS Encryption SDK (Java, Python, C, JavaScript) < 2.0.0; A patch is available in SDK 2.0.0 or later.

Vulnerability Attribution

This was disclosed by Thai Duong of Google.

Risk Impact

No public exploit is available currently. The impact on confidentiality and integrity of this vulnerability is quite high. Since this vulnerability originated from AWS code, its ubiquity and reach is very large. Amazon has addressed this vulnerability using a patch. A word of caution to those who do not perform vulnerability analysis on the code provided by the cloud provider.

Virsec Security Platform (VSP) Support

Based on the description provided, this appears to be an SSRF vulnerability that VSP-Web can protect against. Should AWS agree, the attacker’s ability to redirect traffic to their command control center would be severely curtailed.

Reference Links

Download the full vulnerability report to learn more about this and other important vulnerabilities.

About the Author
Satya Gupta is Virsec’s visionary founder, with over 25 years of expertise in embedded systems, network security and systems architecture. Satya has helped build and guide the company through key growth phases from initial funding (2015), developing core technology with key partners including Raytheon and Lockheed (2016-2018), to launching an enterprise class, GA product (2019). Prior to this, Satya built a highly profitable software design and consulting business targeting data networking, application security and industrial automation projects. He was also Director of Firmware Engineering at Narad Networks and Managing Director and Chief Engineer at Eastern Telecom and Tech Ltd. Satya has more than 40 patents in complex firmware architecture with products deployed to hundreds of thousands of users. He holds a BS degree in Engineering from the Indian Institute of Technology in Kanpur and additional degrees from the University of Massachusetts at Lowell.