santomet/pv204_project

🟠 Security Vulnerability: Applet can be forced to reuse session key from the last session

mvondracek opened this issue · 0 comments

  • Severity: MEDIUM
  • Vulnerability Class: loss of perfect forward secrecy
  • Description: The applet does not check whether key agreement (J-PAKE) was performed during the current session. During normal operation of the applet, the encryption key is set after a successful key agreement, but it is not cleared when the applet is deselected or removed from the reader. An attacker who starts the next session without performing key agreement can therefore force the applet to keep using the old encryption key, which gives the attacker a much longer window for exploitation if that old key is compromised.
  • Exploit: Start the next session without performing key agreement.
  • Remediation: The applet must require a fresh key agreement at the beginning of each secure session. The session key must be securely deleted during the applet's select and deselect operations so that it cannot be reused.
  • Location: applets/AlmostSecureApplet.java:347
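
The remediation above, written out as JavaCard code. This is an added example for this issue, not code from the pv204_project repository or from AlmostSecureApplet.java; the class name, the INS values and the stand-in for the J-PAKE output are assumptions. The two points it demonstrates are (1) the session key and an "agreement done" flag live in transient, deselect-cleared memory and are additionally wiped explicitly in both `select()` and `deselect()`, and (2) every use of the key is gated on that flag, so a session that skipped key agreement gets `SW_CONDITIONS_NOT_SATISFIED` instead of the previous session's key.

```java
package applets;

import javacard.framework.APDU;
import javacard.framework.Applet;
import javacard.framework.ISO7816;
import javacard.framework.ISOException;
import javacard.framework.JCSystem;
import javacard.framework.Util;
import javacard.security.AESKey;
import javacard.security.KeyBuilder;
import javacardx.crypto.Cipher;

public class SessionBoundApplet extends Applet {

    // Hypothetical instruction bytes for this example (not the project's real INS values).
    private static final byte INS_KEY_AGREEMENT = (byte) 0x10;
    private static final byte INS_ENCRYPT = (byte) 0x20;
    private static final short AES_KEY_BYTES = 16;

    // Session key in transient memory: the platform wipes it on deselect/reset.
    private final AESKey sessionKey;
    // Transient flag: true only after key agreement completed in THIS session.
    private final boolean[] keyAgreed;
    // Transient scratch buffer so raw key bytes never land in persistent EEPROM.
    private final byte[] keyScratch;
    private final Cipher aes;

    private SessionBoundApplet() {
        sessionKey = (AESKey) KeyBuilder.buildKey(
                KeyBuilder.TYPE_AES_TRANSIENT_DESELECT, KeyBuilder.LENGTH_AES_128, false);
        keyAgreed = JCSystem.makeTransientBooleanArray((short) 1, JCSystem.CLEAR_ON_DESELECT);
        keyScratch = JCSystem.makeTransientByteArray(AES_KEY_BYTES, JCSystem.CLEAR_ON_DESELECT);
        // IV handling is out of scope here; a real applet must supply a fresh IV per message.
        aes = Cipher.getInstance(Cipher.ALG_AES_BLOCK_128_CBC_NOPAD, false);
        register();
    }

    public static void install(byte[] bArray, short bOffset, byte bLength) {
        new SessionBoundApplet();
    }

    // Reset session state on BOTH select and deselect, so a new session can never
    // start with a key left over from the previous one, even if transient clearing
    // were ever bypassed (e.g. re-selection on an already open logical channel).
    public boolean select() {
        clearSession();
        return true;
    }

    public void deselect() {
        clearSession();
    }

    private void clearSession() {
        keyAgreed[0] = false;
        sessionKey.clearKey();
        Util.arrayFillNonAtomic(keyScratch, (short) 0, AES_KEY_BYTES, (byte) 0x00);
    }

    public void process(APDU apdu) {
        if (selectingApplet()) {
            return;
        }
        byte[] buf = apdu.getBuffer();
        switch (buf[ISO7816.OFFSET_INS]) {
            case INS_KEY_AGREEMENT:
                handleKeyAgreement(apdu);
                break;
            case INS_ENCRYPT:
                handleEncrypt(apdu);
                break;
            default:
                ISOException.throwIt(ISO7816.SW_INS_NOT_SUPPORTED);
        }
    }

    // Stand-in for the final J-PAKE step. ASSUMPTION: the 16 bytes arriving here represent
    // the shared secret the protocol would derive; in the real applet this value is computed
    // on-card, never received from the host.
    private void handleKeyAgreement(APDU apdu) {
        clearSession(); // re-running key agreement always discards the previous key first
        short len = apdu.setIncomingAndReceive();
        if (len != AES_KEY_BYTES) {
            ISOException.throwIt(ISO7816.SW_WRONG_LENGTH);
        }
        Util.arrayCopyNonAtomic(apdu.getBuffer(), ISO7816.OFFSET_CDATA,
                keyScratch, (short) 0, AES_KEY_BYTES);
        sessionKey.setKey(keyScratch, (short) 0);
        Util.arrayFillNonAtomic(keyScratch, (short) 0, AES_KEY_BYTES, (byte) 0x00);
        keyAgreed[0] = true; // only now is this session allowed to use the key
    }

    private void handleEncrypt(APDU apdu) {
        // The check the vulnerable applet lacks: no agreement in this session, no key use.
        if (!keyAgreed[0] || !sessionKey.isInitialized()) {
            ISOException.throwIt(ISO7816.SW_CONDITIONS_NOT_SATISFIED);
        }
        byte[] buf = apdu.getBuffer();
        short len = apdu.setIncomingAndReceive();
        if (len == 0 || (len % AES_KEY_BYTES) != 0) {
            ISOException.throwIt(ISO7816.SW_WRONG_LENGTH);
        }
        aes.init(sessionKey, Cipher.MODE_ENCRYPT);
        short outLen = aes.doFinal(buf, ISO7816.OFFSET_CDATA, len, buf, (short) 0);
        apdu.setOutgoingAndSend((short) 0, outLen);
    }
}
```

With this structure the sequence "select, INS_ENCRYPT" fails with 0x6985 regardless of what happened in the previous session, and the explicit wipe in `select()` and `deselect()` means the fix does not depend solely on the platform honouring `CLEAR_ON_DESELECT` for the transient objects.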

Discovered by Team Emerald.