October 20, 2016

Weak Encryption Flaw in PrimeFaces

Our Java Crypto Analyzer tool works by tracing calls to the cryptographic library from all parts of the application under test, including libraries, framework components and dependencies.

We recently tested the Analyzer on a large web application which uses a whole host of different libraries including PrimeFaces, a popular open-source library for graphics and UI elements in web applications. One result in particular came from stacktraces leading to that library. It seemed that PrimeFaces was encrypting strings in URLs using a custom scheme based around a password that is set in the configuration file.

Detecting DES crypto

The Analyzer flagged up multiple problems:

  • Fixed salt in password-based key derivation
  • Low iteration count (19) in password-based key derivation
  • Weak key derivation algorithm: PBEWithMD5
  • Weak encryption algorithm: DES
  • Short symmetric key (56 bit)
  • Unauthenticated encryption with PKCS5 padding (possible padding oracle)

The upshot of this is an encryption scheme that could be attacked in multiple ways. The default password (“primefaces”) is likely unchanged in many installations. Even if changed, with the weak password-based key derivation function and fixed salt, a dictionary attack could be mounted. The padding oracle could reveal individual plaintexts. Finally, if all else fails, since the key is fixed for an individual server, it could even be worth brute-force guessing the 56-bit DES key (specialist FPGA hardware can do this in a few hours).
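How findings like the six listed above can be derived from the parameters of traced calls, as an added example (not Cryptosense Analyzer code or output). The record format, the thresholds, the weak-algorithm sets and the salt values are assumptions made for the illustration; only the iteration count, algorithm names and key size of the legacy record come from the post.

```python
from collections import Counter

# Policy thresholds and weak-algorithm sets are assumptions for this example.
MIN_ITERATIONS = 10_000
MIN_KEY_BITS = 128
WEAK_KDF_HASHES = ("MD2", "MD5")
WEAK_CIPHERS = {"DES", "RC2", "RC4"}
AEAD_MODES = {"GCM", "CCM"}

# Constructed trace: one record per traced encryption call (salts are made up).
LEGACY = {"kdf": "PBEWithMD5", "salt": "0102030405060708", "iterations": 19,
          "cipher": "DES/CBC/PKCS5Padding", "key_bits": 56}
TRACE = [
    dict(LEGACY),
    dict(LEGACY),
    {"kdf": "PBKDF2WithHmacSHA256", "salt": "5be1c07a93d24f68", "iterations": 600_000,
     "cipher": "AES/GCM/NoPadding", "key_bits": 256},
    {"kdf": "PBKDF2WithHmacSHA256", "salt": "e4470b1dc92a86f3", "iterations": 600_000,
     "cipher": "AES/GCM/NoPadding", "key_bits": 256},
]

def audit(trace):
    """Return one list of findings per call, in trace order."""
    salt_uses = Counter(call["salt"] for call in trace)
    report = []
    for call in trace:
        algorithm, mode, padding = call["cipher"].split("/")
        findings = []
        # A salt seen in more than one derivation is not being generated per use.
        if salt_uses[call["salt"]] > 1:
            findings.append("fixed salt in password-based key derivation")
        if call["iterations"] < MIN_ITERATIONS:
            findings.append(f"low iteration count ({call['iterations']})")
        if call["kdf"].upper().endswith(WEAK_KDF_HASHES):
            findings.append(f"weak key derivation algorithm: {call['kdf']}")
        if algorithm in WEAK_CIPHERS:
            findings.append(f"weak encryption algorithm: {algorithm}")
        if call["key_bits"] < MIN_KEY_BITS:
            findings.append(f"short symmetric key ({call['key_bits']} bit)")
        # Padded ciphertext with no integrity check lets padding errors leak.
        if mode not in AEAD_MODES and padding != "NoPadding" and not call.get("mac"):
            findings.append(f"unauthenticated encryption with {padding} (possible padding oracle)")
        report.append(findings)
    return report

if __name__ == "__main__":
    for call, findings in zip(TRACE, audit(TRACE)):
        print(call["kdf"], call["cipher"], "->", findings or "no findings")
```

The fixed-salt rule only fires once the same salt has been observed in more than one call, so a single traced call cannot establish it.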

What would be the consequences of breaking this encryption in a graphics library? While following up on this issue, we discovered that it was partially fixed in February 2016 after being reported by Minded Security. They used the PadBuster tool from our friends at Gotham Digital Science to exploit the padding oracle and break the URL encryption. This allowed them to submit fake URLs which, it turns out, are interpreted as Expression Language by the server, leading potentially to remote code execution. PrimeFaces was patched to switch the encrypted URLs for pseudo-random IDs at the price of maintaining a little more state on the server.

However, our Analyzer results showed the weak encryption scheme was still being used. Its second usage is to protect the values of QR codes and barcodes encoded in URLs. We reported this to PrimeTek, and they promptly fixed it in version 6.0.6.

We would advise anyone using PrimeFaces to ensure they have upgraded at least to version 5.2.21, 5.3.8 or 6.0 (which patches the remote code execution flaw), and preferably to version 6.0.6 (which fixes the QR code and barcode protection issue by removing the weak encryption completely).


September 18, 2014

Algorithm Choice in PKCS#11 (part 4) – Block Ciphers

Following on from our popular review of RSA mechanisms and hash functions, this post reviews the block ciphers and modes available in PKCS#11 v2.20 and the state of the art in their cryptanalysis. We’ll also look at what’s changing in version 2.40.
