[rwth-security] AWS S3 crypto vulnerabilities

11 Aug 2020


      Hallo zusammen,
sofern nicht selber schon gesehen/-lesen hier [0] - FYI
[0] "Proof of Concept for AWS S3 crypto vulnerabilities"
    [1] "Updates to the Amazon S3 Encryption Client"
    [2] "Unencrypted md5 plaintext hash in metadata in AWS S3 Crypto SDK for golang"
    [3] "CBC padding oracle issue in AWS S3 Crypto SDK for golang"
    [4] "In-band key negotiation issue in AWS S3 Crypto SDK for golang"
VG
Bernd
[0]
https://github.com/sophieschmieg/exploits/tree/master/aws_s3_crypto_poc
[1]
https://aws.amazon.com/blogs/developer/updates-to-the-amazon-s3-encryption-c...
[2]
https://github.com/google/security-research/security/advisories/GHSA-76wf-9v...
[3]
https://github.com/google/security-research/security/advisories/GHSA-f5pg-7w...
[4]
https://github.com/google/security-research/security/advisories/GHSA-7f33-f4...
-- 

Bernd Kohler

IT Center
Abteilung: Netze
RWTH Aachen University
Wendlingweg 10
52074 Aachen
Tel: +49 241 80-29793
Fax: +49 241 80-22666
kohler@itc.rwth-aachen.de
www.itc.rwth-aachen.de

Social Media Kanäle des IT Centers:
https://blog.rwth-aachen.de/itc/ 
https://www.facebook.com/itcenterrwth 
https://www.linkedin.com/company/itcenterrwth
https://twitter.com/ITCenterRWTH
https://www.youtube.com/channel/UCKKDJJukeRwO0LP-ac8x8rQ

2024

2023

2022

2021

2020

2019

2018

[rwth-security] AWS S3 crypto vulnerabilities