CVE-2026-33117: Azure SDK for Java Security Feature Bypass Vulnerability

Overview

Severity
Critical (CVSS 9.1)
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C
Category
Security Feature Bypass
Exploit Status
Not Exploited
Exploitation Likelihood
Unlikely
Patch Tuesday
2026-May
Released
2026-05-12
Last Updated
2026-05-22
EPSS Score
0.48% (percentile: 37.8%)

Description

The Java Key Vault Keys library in the Azure SDK for Java contains an issue in the local cryptographic verification path where authentication tag comparison was implemented incorrectly. In affected applications that use the vulnerable local cryptography path, specially crafted encrypted input may bypass integrity verification checks. Operations delegated to the Key Vault service are not affected. The issue is addressed in version 4.10.6.

FAQ

What kind of security feature could be bypassed by successfully exploiting this vulnerability?

Successful exploitation of this vulnerability could allow an attacker to bypass the integrity protection provided by the authentication tag that is designed to detect tampering with encrypted data. This may prevent the system from identifying whether encrypted content has been modified before it is decrypted.

How could an attacker exploit this vulnerability?

An attacker could exploit this vulnerability by sending specially crafted encrypted data to an affected application that uses the vulnerable decryption implementation and observing how the application responds. If the application is reachable over a network, this could allow the attacker to manipulate encrypted input in a way that bypasses integrity checks during decryption.
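The description and the FAQ above both come down to one check: before any plaintext is returned, the decryptor must recompute the authentication tag and reject the message if it does not match. The following Java class is an added example, not code from this advisory or from the Azure SDK, showing that check in its simplest correct form. It uses an encrypt-then-MAC construction (AES-CBC with HMAC-SHA256) chosen here as an assumption, since the advisory does not name the affected algorithm; the class name, key sizes and sample inputs are constructed for the example. The decrypt path compares tags with MessageDigest.isEqual, which is length-checked and constant-time, and the main method round-trips a message and then confirms that a single flipped ciphertext byte is rejected, which is the behaviour any local decryption path must exhibit.

```java
import javax.crypto.Cipher;
import javax.crypto.Mac;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Arrays;

/**
 * Added example, not Azure SDK code: encrypt-then-MAC with AES-CBC and
 * HMAC-SHA256 (assumed construction). Shows the integrity check an
 * authentication tag provides and how the comparison must be written so
 * that a tampered message is rejected before any plaintext is produced.
 */
public final class TagVerificationExample {
    private static final int IV_LEN = 16;
    private static final int TAG_LEN = 32; // full HMAC-SHA256 output (design choice here)

    private final SecretKeySpec encKey;
    private final SecretKeySpec macKey;

    TagVerificationExample(byte[] encKeyBytes, byte[] macKeyBytes) {
        this.encKey = new SecretKeySpec(encKeyBytes, "AES");
        this.macKey = new SecretKeySpec(macKeyBytes, "HmacSHA256");
    }

    /** Returns iv || ciphertext || tag, where tag = HMAC(aad || iv || ciphertext). */
    byte[] encrypt(byte[] plaintext, byte[] aad) throws GeneralSecurityException {
        byte[] iv = new byte[IV_LEN];
        new SecureRandom().nextBytes(iv);
        Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
        cipher.init(Cipher.ENCRYPT_MODE, encKey, new IvParameterSpec(iv));
        byte[] ciphertext = cipher.doFinal(plaintext);
        byte[] tag = tag(aad, iv, ciphertext);
        return ByteBuffer.allocate(IV_LEN + ciphertext.length + TAG_LEN)
                .put(iv).put(ciphertext).put(tag).array();
    }

    /** Verifies the tag first and only then decrypts; throws on any mismatch. */
    byte[] decrypt(byte[] blob, byte[] aad) throws GeneralSecurityException {
        if (blob.length < IV_LEN + TAG_LEN) {
            throw new GeneralSecurityException("message too short");
        }
        byte[] iv = Arrays.copyOfRange(blob, 0, IV_LEN);
        byte[] ciphertext = Arrays.copyOfRange(blob, IV_LEN, blob.length - TAG_LEN);
        byte[] receivedTag = Arrays.copyOfRange(blob, blob.length - TAG_LEN, blob.length);
        byte[] expectedTag = tag(aad, iv, ciphertext);
        // Length-checked, constant-time comparison. The result must gate
        // decryption: a comparison whose outcome is ignored, or a plain ==
        // on arrays, silently turns the tag into decoration.
        if (!MessageDigest.isEqual(expectedTag, receivedTag)) {
            throw new GeneralSecurityException("authentication tag mismatch");
        }
        Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
        cipher.init(Cipher.DECRYPT_MODE, encKey, new IvParameterSpec(iv));
        return cipher.doFinal(ciphertext);
    }

    private byte[] tag(byte[] aad, byte[] iv, byte[] ciphertext) throws GeneralSecurityException {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(macKey);
        mac.update(aad);
        mac.update(iv);
        mac.update(ciphertext);
        return mac.doFinal();
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample keys and inputs for the demonstration.
        byte[] encKey = new byte[16];
        byte[] macKey = new byte[32];
        new SecureRandom().nextBytes(encKey);
        new SecureRandom().nextBytes(macKey);
        TagVerificationExample box = new TagVerificationExample(encKey, macKey);
        byte[] aad = "example-header".getBytes(StandardCharsets.UTF_8);

        byte[] blob = box.encrypt("hello key vault".getBytes(StandardCharsets.UTF_8), aad);
        System.out.println("round trip: " + new String(box.decrypt(blob, aad), StandardCharsets.UTF_8));

        // Flip one bit of the first ciphertext byte: the tag check must reject it.
        byte[] tampered = blob.clone();
        tampered[IV_LEN] ^= 0x01;
        try {
            box.decrypt(tampered, aad);
            System.out.println("BUG: tampered message accepted");
        } catch (GeneralSecurityException e) {
            System.out.println("tampered message rejected: " + e.getMessage());
        }
    }
}
```

The tamper test in main is the regression check worth keeping in any code base that decrypts locally rather than delegating to the Key Vault service: it fails loudly the moment a tag comparison stops gating decryption. The Key Vault Keys library itself is published as the Maven artifact com.azure:azure-security-keyvault-keys, so `mvn dependency:tree -Dincludes=com.azure:azure-security-keyvault-keys` shows which version an application actually resolves and whether it is at or above the fixed 4.10.6.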

Affected Products (1)

Azure

  • Azure SDK for Java

Security Updates (1)

Acknowledgments

sho odagiri with GMO CyberSecurity by ierae inc (https://gmo-cybersecurity.com/)

Revision History

  • 2026-05-12: Information published.
  • 2026-05-22: The executive summary has been updated to include additional details about this vulnerability. This change does not affect the available security updates. Customers should install the recommended updates to remain protected from this vulnerability.