Tag: padding-oracle
All the articles with the tag "padding-oracle".
-
Padding oracle attack: forging encrypted share tokens
A padding oracle in OopsSec Store's share feature leaks whether decryption produced valid PKCS#7 padding. That's enough to forge a token for an internal report and grab the flag.
