2 matches found
CVE-2020-8912
CVE-2020-8912 concerns the AWS S3 Crypto SDK for Go, affected in GoLang SDKs before version 2. The bug is in-band key negotiation which allows a user with write access to a bucket to alter the encryption algorithm of an object (e.g., switch from AES-GCM to AES-CTR). When combined with a decryptio...
CVE-2020-8911
CVE-2020-8911 describes a padding oracle in the AWS S3 Crypto SDK for Go (older GoLang S3 encryption client). The vulnerability arises because AES-CBC encryption was used without a MAC, enabling an attacker with write access to the target S3 bucket to observe decryption outcomes and reconstruct p...