This is a security fix for two vulnerabilities with XML encryption in simpleSAMLphp. The two vulnerabilities are:
It may be possible to use an SP as an oracle to decrypt encrypted messages sent to that SP. This is the attack described in the paper “How to break XML encryption”:
It may be possible to use the SP as a key oracle, which can be used to forge messages from that SP by issuing 300000-2000000 queries to the SP. This mainly affects SPs that use signed authentication requests. The attack is described in “Chosen Ciphertext Attacks Against Protocols Based on the RSA Encryption Standard PKCS #1”:
Thanks to Ian Young for alerting us to this problem.
Version 1.8.1 of simpleSAMLphp significantly complicates these attacks through two changes:
- Detailed exception information is no longer displayed for decryption failures.
- We perform “extra” work to combat timing attacks for the second attack.
Version 1.8.1 can be downloaded from:
Disabling the display of detailed error messages makes both attacks significantly more difficult. Display of detailed errors can be disabled by setting the ‘showerrors’ option in config.php to ‘FALSE’. Note that error messages are still displayed, but without exception information.
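As an added illustration of the first change (not simpleSAMLphp's own code), this PHP sketch contrasts what a sender learns from a decryption failure when detailed errors are shown with the generic response it gets once they are hidden. decryptPayload and handleMessage are hypothetical names, and AES-CBC via openssl_decrypt() stands in for XML decryption.

```php
<?php
// Added example (not simpleSAMLphp code): models the difference between
// showing decryption exceptions to the client and the 'showerrors' => FALSE
// behaviour, where the client sees one generic message for every failure
// and the detail goes only to the server log. openssl_decrypt() with
// AES-256-CBC is a constructed stand-in for XML decryption.

function decryptPayload(string $ciphertext, string $key): string
{
    $iv = substr($ciphertext, 0, 16);
    $plain = openssl_decrypt(substr($ciphertext, 16), 'aes-256-cbc', $key,
                             OPENSSL_RAW_DATA, $iv);
    if ($plain === false) {
        // The reason (bad key, bad padding, truncated input) is spelled out here.
        throw new RuntimeException('decryption failed: ' . openssl_error_string());
    }
    return $plain;
}

function handleMessage(string $ciphertext, string $key, bool $showErrors): array
{
    try {
        return ['status' => 200, 'body' => decryptPayload($ciphertext, $key)];
    } catch (Exception $e) {
        error_log('decryption failure: ' . $e->getMessage()); // detail stays server-side
        $body = $showErrors
            ? 'Error: ' . $e->getMessage()      // reason reaches the sender: an oracle
            : 'Unable to process the message.'; // identical text whatever the reason
        return ['status' => 500, 'body' => $body];
    }
}

// Constructed demo: encrypt a message, corrupt one ciphertext byte,
// and handle the failure both ways.
$key = random_bytes(32);
$iv  = random_bytes(16);
$ct  = $iv . openssl_encrypt('<Assertion/>', 'aes-256-cbc', $key, OPENSSL_RAW_DATA, $iv);
$last = strlen($ct) - 1;
$ct[$last] = chr(ord($ct[$last]) ^ 0x01);

echo handleMessage($ct, $key, true)['body'], "\n";   // reveals why decryption failed
echo handleMessage($ct, $key, false)['body'], "\n";  // generic message only
```

The detail is still logged server-side in both cases, so operators lose nothing by hiding it from the client.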
We have only released an update for version 1.8. If there is interest, we can also create updates / patches for older releases. Please let us know if you are interested in this.