✍️ Issue Description
During a pen test of our Android application, it was found that the Iterable SDK is using AES encryption with an insecure padding scheme (PKCS5) in CBC mode, which is susceptible to padding oracle attacks. While AES itself is a strong symmetric cipher, its security depends heavily on the mode of operation and padding implementation. Using AES-CBC with PKCS-style padding introduces predictable plaintext structure and allows attackers to perform byte-by-byte decryption through side-channel responses — especially if the system provides distinguishable error messages or timing differences during decryption.

```kotlin
private const val TRANSFORMATION_MODERN = "AES/GCM/NoPadding"
private const val TRANSFORMATION_LEGACY = "AES/CBC/PKCS5Padding"
```
Finding Details
During the assessment, it was observed that the application code utilized AES encryption in Cipher Block Chaining (CBC) mode with PKCS5Padding or PKCS7Padding, both of which are vulnerable to padding oracle exploitation if server or client responses can be distinguished during decryption failures.
📋 Steps to Reproduce
- Look for file IterableDataEncryptor
- Search for AES encryption usage: AES/CBC
👤 Iterable orgId: 1695
📦 Iterable SDK version: 3.5.12 (also found in latest 3.6.4)
📲 Android OS version: all
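Added example (not Iterable SDK code) of what the modern AES/GCM/NoPadding transformation quoted above buys over CBC: authenticated decryption rejects every tampered or mis-contexted input with the same outcome, so no padding oracle is exposed to a caller. Only the transformation string comes from the issue; the key, AAD, sample plaintext and blob layout are constructed for this example.

```kotlin
import java.security.GeneralSecurityException
import java.security.SecureRandom
import javax.crypto.Cipher
import javax.crypto.KeyGenerator
import javax.crypto.SecretKey
import javax.crypto.spec.GCMParameterSpec

// The transformation string is the one named in the issue; everything else is constructed for this example.
private const val TRANSFORMATION_MODERN = "AES/GCM/NoPadding"
private const val GCM_IV_BYTES = 12   // 96-bit nonce, the size GCM is specified for
private const val GCM_TAG_BITS = 128

// Output layout: iv (12 bytes) || ciphertext || tag (16 bytes); the JCE appends the tag to the ciphertext.
fun encryptGcm(key: SecretKey, plaintext: ByteArray, aad: ByteArray): ByteArray {
    val iv = ByteArray(GCM_IV_BYTES).also { SecureRandom().nextBytes(it) }  // fresh nonce per message
    val cipher = Cipher.getInstance(TRANSFORMATION_MODERN)
    cipher.init(Cipher.ENCRYPT_MODE, key, GCMParameterSpec(GCM_TAG_BITS, iv))
    cipher.updateAAD(aad)  // binds context (e.g. a record id) into the tag without encrypting it
    return iv + cipher.doFinal(plaintext)
}

// Returns null on ANY failure, so the caller learns only "invalid", never which step failed.
fun decryptGcm(key: SecretKey, blob: ByteArray, aad: ByteArray): ByteArray? {
    if (blob.size < GCM_IV_BYTES + GCM_TAG_BITS / 8) return null
    return try {
        val cipher = Cipher.getInstance(TRANSFORMATION_MODERN)
        cipher.init(Cipher.DECRYPT_MODE, key, GCMParameterSpec(GCM_TAG_BITS, blob.copyOfRange(0, GCM_IV_BYTES)))
        cipher.updateAAD(aad)
        // The tag is verified inside doFinal; no plaintext is released if it does not match.
        cipher.doFinal(blob, GCM_IV_BYTES, blob.size - GCM_IV_BYTES)
    } catch (e: GeneralSecurityException) {  // covers AEADBadTagException and parameter errors alike
        null
    }
}

fun main() {
    val key = KeyGenerator.getInstance("AES").apply { init(256) }.generateKey()
    val aad = "user-record-v2".toByteArray()            // constructed sample context
    val message = "constructed sample plaintext".toByteArray()
    val blob = encryptGcm(key, message, aad)
    check(decryptGcm(key, blob, aad)?.contentEquals(message) == true)
    // Flip one bit at every position (IV, body, tag): each attempt is rejected the same way,
    // which is exactly what CBC with PKCS5/PKCS7 padding cannot guarantee.
    for (i in blob.indices) {
        val tampered = blob.copyOf().also { it[i] = (it[i].toInt() xor 0x01).toByte() }
        check(decryptGcm(key, tampered, aad) == null)
    }
    check(decryptGcm(key, blob, "other-record".toByteArray()) == null)  // wrong context also fails
    println("GCM rejected every tampered input uniformly")
}
```

When migrating stored data, decrypt legacy CBC blobs once, re-encrypt them with the GCM path, and make sure any legacy decryption failure surfaces the same generic error as a GCM failure.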