U.S. Dept Of Defense: [HTAF4-213] [Pre-submission] CVE-2018-2879 (padding oracle attack in the Oracle Access Manager) at https://█████████

##Description
We were able to identify CVE-2018-2879 in Oracle Access Manager, used on the https://██████
Link to the CVE: https://nvd.nist.gov/vuln/detail/CVE-2018-2879
This vulnerability is rated critical, and may allow unauthenticated attacker with network access via HTTP to compromise Oracle Access Manager.
It’s possible to conduct padding oracle attack and recover plaintext from encquery parameter
Materials:
https://sec-consult.com/en/blog/2018/05/oracle-access-managers-identity-crisis/

##POC
We modified https://github.com/redtimmy/OAMBuster/blob/master/oambuster.py proof-of concept for https://█████ (it required some changes, for example gcds-consent=true is necessary in all requests to not face with consent banner page.
Here is it:
█████████
It can be launched in the next way to simply test for padding oracle and recover plaintext:

oambuster.py -d https://██████████

The result (decrypt process can take some time, for example on the screenshot above it’s not fully finished, but you can already see readable parts):
███████

This confirms that vulnerability is valid.

##Suggested fix
Apply patch & update OAM instance

Impact

Padding oracle attack allows us to decrypt any messages. As all the encrypted messages (encquery, encreply, OAMAuthnCookie) are encrypted with the same key, we can decrypt any of these messages.
This attack can also be used to encrypt messages. So if we construct a valid authentication cookie and encrypt it with our padding oracle attack, we can pass it off as valid to the web server and perform authentication bypass.

We will research this further and will update report with new information.