4 matches found
Security issues in AWS KMS and AWS Encryption SDKs: in-band protocol negotiation and robustness
Authors: Thai "thaidn" Duong Summary The following security vulnerabilities was discovered and reported to Amazon, affecting AWS KMS and all versions of AWS Encryption SDKs prior to version 2.0.0: Information leakage: an attacker can create ciphertexts that would leak the user’s AWS account ID,...
GHSA-WQGP-VPHW-HPHF Security issues in AWS KMS and AWS Encryption SDKs: in-band protocol negotiation and robustness
Authors: Thai "thaidn" Duong Summary The following security vulnerabilities was discovered and reported to Amazon, affecting AWS KMS and all versions of AWS Encryption SDKs prior to version 2.0.0: Information leakage: an attacker can create ciphertexts that would leak the user’s AWS account ID,...
CVE-2020-8897
A weak robustness vulnerability exists in the AWS Encryption SDKs for Java, Python, C and Javalcript prior to versions 2.0.0. Due to the non-committing property of AES-GCM and other AEAD ciphers such as AES-GCM-SIV or XChaCha20Poly1305 used by the SDKs to encrypt messages, an attacker can craft a...
Design/Logic Flaw
A weak robustness vulnerability exists in the AWS Encryption SDKs for Java, Python, C and Javalcript prior to versions 2.0.0. Due to the non-committing property of AES-GCM and other AEAD ciphers such as AES-GCM-SIV or XChaCha20Poly1305 used by the SDKs to encrypt messages, an attacker can craft a...