Corgea LogoCorgea Security Hub

CWE-649: Reliance on Obfuscation or Encryption of Security-Relevant Inputs without Integrity Checking

Learn about CWE-649 (Reliance on Obfuscation or Encryption of Security-Relevant Inputs without Integrity Checking), its security impact, exploitation methods, and prevention guidelines.

What is Reliance on Obfuscation or Encryption of Security-Relevant Inputs without Integrity Checking?

• Overview: This vulnerability arises when a software product uses obfuscation or encryption to protect inputs that should not be changed by users, but fails to check if those inputs have been tampered with. Without integrity checks, attackers can modify these inputs to manipulate the system.

• Exploitation Methods:

  • Attackers can modify encrypted or obfuscated tokens or parameters without detection.
  • Common attack patterns include brute force searching for valid values, parameter manipulation, and replay attacks.

• Security Impact:

  • Direct consequences include unauthorized access, privilege escalation, and data manipulation.
  • Potential cascading effects can lead to broader system compromise and data breaches.
  • Business impact may involve financial loss, reputational damage, and legal liabilities.

• Prevention Guidelines:

  • Use cryptographic integrity checks like HMAC (Hash-based Message Authentication Code) to ensure inputs haven't been altered.
  • Implement strong encryption algorithms paired with integrity verification.
  • Employ secure coding practices and regularly audit code for vulnerabilities.
  • Utilize security frameworks and libraries that automatically handle encryption and integrity checking, such as OWASP ESAPI or JCA (Java Cryptography Architecture).
Corgea can automatically detect and fix Reliance on Obfuscation or Encryption of Security-Relevant Inputs without Integrity Checking in your codebase. [Try Corgea free today](https://corgea.app).

Technical Details

Likelihood of Exploit: High

Affected Languages: Not Language-Specific

Affected Technologies: Not specified

Vulnerable Code Example

import base64
import json

def create_session_token(user_id):
    # Vulnerable: The session token is simply base64 encoded without integrity checks
    session_data = json.dumps({"user_id": user_id})
    return base64.b64encode(session_data.encode()).decode()

def validate_session_token(token):
    try:
        # Vulnerable: Decoding without validating integrity allows tampering
        decoded_data = base64.b64decode(token.encode()).decode()
        session_data = json.loads(decoded_data)
        return session_data.get("user_id")
    except Exception as e:
        return None

Explanation:

  • Lack of Integrity Check: The create_session_token function generates a session token by base64 encoding the JSON data. Base64 is not encryption; it merely encodes data, providing no security. Without an integrity check, the data can be altered by an attacker.
  • Tampering Risk: The validate_session_token function decodes the token without verifying its integrity, allowing an attacker to modify the token contents undetected.

How to fix Reliance on Obfuscation or Encryption of Security-Relevant Inputs without Integrity Checking?

To fix this vulnerability, implement an integrity check using a secure method that includes both encryption and signing of the data. Utilizing cryptographic libraries to sign the data ensures that any modification can be detected. One approach is to use HMAC (Hash-based Message Authentication Code) to sign the data.

Fixed Code Example

import base64
import json
import hmac
import hashlib

SECRET_KEY = b'super_secret_key'

def create_session_token(user_id):
    session_data = json.dumps({"user_id": user_id})
    # Calculate HMAC for the session data
    signature = hmac.new(SECRET_KEY, session_data.encode(), hashlib.sha256).digest()
    # Include the HMAC signature with the encoded session data
    return base64.b64encode(session_data.encode() + signature).decode()

def validate_session_token(token):
    try:
        decoded_data = base64.b64decode(token.encode())
        session_data, signature = decoded_data[:-32], decoded_data[-32:]
        # Verify HMAC signature to ensure data integrity
        expected_signature = hmac.new(SECRET_KEY, session_data, hashlib.sha256).digest()
        if hmac.compare_digest(signature, expected_signature):
            session_data = json.loads(session_data.decode())
            return session_data.get("user_id")
        else:
            return None  # Invalid signature
    except Exception as e:
        return None

Explanation:

  • Integrity Check: The fixed code uses HMAC to compute a signature of the session data with a secret key, ensuring that any modification of the data can be detected. This protects against unauthorized tampering.
  • Secure Validation: The validate_session_token function now verifies the HMAC signature, ensuring the integrity of the session token before processing it. This step is crucial to ensure that the token has not been altered.
  • Security Best Practice: By using hmac.compare_digest, the code is protected against timing attacks when comparing the HMAC signatures. This method ensures that the comparison takes a constant amount of time, regardless of the input, preventing attackers from deducing information based on timing differences.
Corgea Logo

Find this vulnerability and fix it with Corgea

Scan your codebase for CWE-649: Reliance on Obfuscation or Encryption of Security-Relevant Inputs without Integrity Checking and get remediation guidance

Start for free and no credit card needed.