I've prepared a private security vulnerability report to post to the spring security project that reads like the below, would you be ok with me sending it their way? I certainly didn't want to take your name in vain to them without your consent.
--------
@neilmadden on Mastodon pointed out some issues with some Spring Security crypto code, so I wanted to report it in case y'all weren't aware or wanted to take a look. I have regard for his crypto expertise, and since it was basically free crypto code review on his part, I thought it might be helpful.
Details quoted from his Mastodon post:
(He referenced the code found in https://github.com/spring-projects/spring-security/tree/main/crypto/src/main/java/org/springframework/security/crypto/encrypt)
- they have unauthenticated CBC mode encryption as the "standard" option, which also silently uses a fixed zero IV so is completely insecure
- one of the GCM implementations uses BouncyCastle's "fast" table-lookup AES implementations, which likely has side-channels galore
- the RSA encryption defaults to 1024-bit keys, which are not remotely secure by modern standards
- it also defaults to PKCS#1 v1.5 padding, which is also not secure
- the "raw" RSA implementation actually runs RSA in ECB mode if the message is longer than the modulus allows (quite likely given they use small keys). This is absolutely terrible.
- the "secret" RSA encryption, which attempts to do hybrid encryption (with GCM), generates a random per-message AES key (good) but then treats it as a password and sends it through 1024 rounds of PBKDF2, so is incredibly slow. (It then pointlessly uses AES-256-GCM despite only generating a 128-bit key, again adding overhead for no security reason).
Impact
I don't claim to have the crypto chops of either @neilmadden or the Spring Security maintainers, but I thought it would be far better to make you all aware than just kibitz about it on Mastodon. If an issue or PR is a more appropriate vehicle for the above, just let me know. I'm happy to assist in trying to clean these issues up; although I'm no @neilmadden, I am a long-time user of Spring Security and Spring Boot, and love what y'all do for us out here in the development community, hence my concern.
If any credit is publicly associated with this report, please attribute it to @neilmadden, as he is the actual source of this information; I'm just the random lurker on Mastodon discussing it with him when he revealed it.
Warmest Regards,
Pat O'Neil
--------
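To make the first and last points of the quoted list concrete, here is an added Java example written for this page; it is not Spring Security's code and does not reproduce its classes. It shows, side by side, the weak pattern (AES-CBC with a fixed all-zero IV and no integrity tag) and a hardened pattern (AES-GCM with a fresh random nonce per message, the random AES key wrapped directly with 3072-bit RSA-OAEP rather than run through PBKDF2). The class and method names are this example's own, the sample plaintext is constructed, and it assumes a modern JDK (11 or later) so that 256-bit AES keys are available without extra policy files.

```java
import java.nio.charset.StandardCharsets;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.SecureRandom;
import java.util.Arrays;
import javax.crypto.AEADBadTagException;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.IvParameterSpec;

/** Hypothetical demo class; names here are this example's own, not Spring Security's. */
public class UnauthenticatedCbcDemo {
    private static final SecureRandom RNG = new SecureRandom();
    private static final byte[] ZERO_IV = new byte[16]; // the "fixed zero IV" pattern from the report

    // Weak pattern: CBC with a fixed all-zero IV and no integrity tag.
    static byte[] cbcZeroIvEncrypt(SecretKey key, byte[] plaintext) throws Exception {
        Cipher c = Cipher.getInstance("AES/CBC/PKCS5Padding");
        c.init(Cipher.ENCRYPT_MODE, key, new IvParameterSpec(ZERO_IV));
        return c.doFinal(plaintext);
    }

    static byte[] cbcZeroIvDecrypt(SecretKey key, byte[] ciphertext) throws Exception {
        Cipher c = Cipher.getInstance("AES/CBC/PKCS5Padding");
        c.init(Cipher.DECRYPT_MODE, key, new IvParameterSpec(ZERO_IV));
        return c.doFinal(ciphertext);
    }

    // Hardened pattern: AES-GCM, fresh random 96-bit nonce per message, nonce prepended to the output.
    static byte[] gcmEncrypt(SecretKey key, byte[] plaintext) throws Exception {
        byte[] nonce = new byte[12];
        RNG.nextBytes(nonce);
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, key, new GCMParameterSpec(128, nonce));
        byte[] ct = c.doFinal(plaintext);
        byte[] out = new byte[nonce.length + ct.length];
        System.arraycopy(nonce, 0, out, 0, nonce.length);
        System.arraycopy(ct, 0, out, nonce.length, ct.length);
        return out;
    }

    static byte[] gcmDecrypt(SecretKey key, byte[] message) throws Exception {
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.DECRYPT_MODE, key, new GCMParameterSpec(128, message, 0, 12));
        return c.doFinal(message, 12, message.length - 12); // AEADBadTagException if anything was modified
    }

    // Hybrid encryption without the PBKDF2 detour: wrap the random AES key directly with RSA-OAEP.
    static byte[] wrapKey(KeyPair rsa, SecretKey aesKey) throws Exception {
        Cipher c = Cipher.getInstance("RSA/ECB/OAEPWithSHA-256AndMGF1Padding");
        c.init(Cipher.WRAP_MODE, rsa.getPublic());
        return c.wrap(aesKey);
    }

    static SecretKey unwrapKey(KeyPair rsa, byte[] wrapped) throws Exception {
        Cipher c = Cipher.getInstance("RSA/ECB/OAEPWithSHA-256AndMGF1Padding");
        c.init(Cipher.UNWRAP_MODE, rsa.getPrivate());
        return (SecretKey) c.unwrap(wrapped, "AES", Cipher.SECRET_KEY);
    }

    public static void main(String[] args) throws Exception {
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(256); // key length matches the "AES-256" the cipher name claims
        SecretKey key = kg.generateKey();
        // Constructed sample plaintext, 22 bytes, so CBC produces two blocks.
        byte[] msg = "balance=100;user=alice".getBytes(StandardCharsets.UTF_8);

        // 1. A fixed IV makes encryption deterministic: equal plaintexts give equal ciphertexts.
        byte[] c1 = cbcZeroIvEncrypt(key, msg);
        byte[] c2 = cbcZeroIvEncrypt(key, msg);
        System.out.println("CBC/zero-IV repeats ciphertext: " + Arrays.equals(c1, c2)); // true
        byte[] g1 = gcmEncrypt(key, msg);
        byte[] g2 = gcmEncrypt(key, msg);
        System.out.println("GCM repeats ciphertext:         " + Arrays.equals(g1, g2)); // false

        // 2. No authentication: a modified CBC ciphertext still decrypts without error; GCM rejects it.
        byte[] tamperedCbc = c1.clone();
        tamperedCbc[0] ^= 0x01; // one bit changed in the first ciphertext block
        byte[] pt = cbcZeroIvDecrypt(key, tamperedCbc); // no exception: padding sits in the untouched last block
        System.out.println("CBC accepted modified ciphertext, plaintext differs: " + !Arrays.equals(pt, msg));
        byte[] tamperedGcm = g1.clone();
        tamperedGcm[12] ^= 0x01; // first ciphertext byte after the 12-byte nonce
        try {
            gcmDecrypt(key, tamperedGcm);
            System.out.println("GCM accepted modified ciphertext (should not happen)");
        } catch (AEADBadTagException e) {
            System.out.println("GCM rejected modified ciphertext");
        }

        // 3. Hybrid: 3072-bit RSA-OAEP wraps the per-message AES key directly, no PBKDF2 over a random key.
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(3072);
        KeyPair rsa = kpg.generateKeyPair();
        SecretKey recovered = unwrapKey(rsa, wrapKey(rsa, key));
        System.out.println("Unwrapped key matches: " + Arrays.equals(recovered.getEncoded(), key.getEncoded()));
        System.out.println("GCM round trip: " + new String(gcmDecrypt(recovered, g1), StandardCharsets.UTF_8));
    }
}
```

Run it with `javac UnauthenticatedCbcDemo.java && java UnauthenticatedCbcDemo`. The two properties the report calls out are visible directly: the zero-IV CBC output is identical for identical inputs (so an observer can tell when the same value was encrypted twice), and a modified CBC ciphertext decrypts without any error while the GCM decryption fails closed with `AEADBadTagException`. The OAEP wrap also shows that a randomly generated AES key needs no key-stretching step; PBKDF2 exists to slow down guessing of low-entropy passwords, which a fresh 256-bit key is not.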