logo

Database

Insecure encryption algorithm In cookie-encrypter

Description

Bit flip attack vulnerability in cookie-encrypter due to a weakness in the encryption method used in cookie-encrypter an attack can use the world visible IV to edit encrypted cookies without decrypting the cookie itself. This is known as an AES CBC bit flipping attack.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem
Package
Affected version

Aliases

1. CVE-2024-534412. NVD-2024-534413. OSV-2024-534414. GCVE-2024-53441

References

1. https://github.com/ebourmalo/cookie-encrypter/issues/92. https://crypto.stackexchange.com/questions/66085/bit-flipping-attack-on-cbc-mode3. https://gist.github.com/mathysEthical/f45f1503f87381090e38a33c50eec9714. https://mathys.reboux.pro/CVE/2024/53441

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.