Tag: aes-cbc
All the articles with the tag "aes-cbc".
-
Padding oracle attack: forging encrypted share tokens
A padding oracle in OopsSec Store's share feature leaks whether decryption produced valid PKCS#7 padding. That's enough to forge a token for an internal report and grab the flag.
