Hallo zusammen, sofern nicht selber schon gesehen/-lesen hier [0] - FYI [0] "Proof of Concept for AWS S3 crypto vulnerabilities" [1] "Updates to the Amazon S3 Encryption Client" [2] "Unencrypted md5 plaintext hash in metadata in AWS S3 Crypto SDK for golang" [3] "CBC padding oracle issue in AWS S3 Crypto SDK for golang" [4] "In-band key negotiation issue in AWS S3 Crypto SDK for golang" VG Bernd [0] https://github.com/sophieschmieg/exploits/tree/master/aws_s3_crypto_poc [1] https://aws.amazon.com/blogs/developer/updates-to-the-amazon-s3-encryption-c... [2] https://github.com/google/security-research/security/advisories/GHSA-76wf-9v... [3] https://github.com/google/security-research/security/advisories/GHSA-f5pg-7w... [4] https://github.com/google/security-research/security/advisories/GHSA-7f33-f4... -- Bernd Kohler IT Center Abteilung: Netze RWTH Aachen University Wendlingweg 10 52074 Aachen Tel: +49 241 80-29793 Fax: +49 241 80-22666 kohler@itc.rwth-aachen.de www.itc.rwth-aachen.de Social Media Kanäle des IT Centers: https://blog.rwth-aachen.de/itc/ https://www.facebook.com/itcenterrwth https://www.linkedin.com/company/itcenterrwth https://twitter.com/ITCenterRWTH https://www.youtube.com/channel/UCKKDJJukeRwO0LP-ac8x8rQ