The vulnerability arises from the lack of key commitment in the S3 Encryption Client (S3EC) for Go when using the “Instruction File” feature to store Encrypted Data Keys (EDKs). Without key commitment, a single ciphertext can be decrypted into different plaintexts using different encryption keys, known as an “Invisible Salamanders” attack. In affected versions (<=v3.1), EDKs stored in instruction files are not cryptographically bound to the ciphertext. This allows an attacker with write permissions to the S3 bucket to replace the legitimate instruction file with a rogue one containing a malicious EDK. This rogue EDK can be crafted to decrypt the same ciphertext to a plaintext chosen by the attacker. Subsequent decryption operations by the S3EC will use the rogue EDK, producing manipulated plaintext without detection, compromising data integrity and confidentiality.
Platform: S3 Encryption Client
Version: <= v3.1
Vulnerability: Key Commitment Failure
Severity: Critical
Date: Not specified
Prediction: v4.0.0 released
What Undercode Say:
Analytics
```shell
# Check which version of the S3 Encryption Client for Go the project depends on
go list -m all | grep s3-encryption-client

# Fetch the instruction file that accompanies an encrypted object and inspect the EDK it carries
aws s3api get-object --bucket my-bucket --key instruction-file.txt ./local-instruction.txt
cat ./local-instruction.txt | jq '.EncryptedDataKey'
```
```go
// Construct a v3 client (the affected generation); the import alias matches the package name used below
import s3encryption "github.com/aws/s3-encryption-client-go"

client, err := s3encryption.NewV3Client(session, config)
```
How to Exploit:
The attacker gains write access to the S3 bucket containing the instruction file. They create a new EDK that decrypts the existing ciphertext to the desired plaintext. They upload a new instruction file with this rogue EDK, replacing the original. Legitimate users decrypt the object using S3EC, which reads the rogue EDK and outputs attacker-controlled plaintext.
Protection from this CVE:
Upgrade to v4.0.0. Implement bucket policies denying unauthorized instruction file writes. Use metadata for EDK storage instead of instruction files.
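The property the fix restores is key commitment: the data key that unwraps from the stored EDK must be cryptographically bound to the ciphertext, so a substituted EDK cannot yield a second plaintext. The Go example below is added here to illustrate that principle and is not the S3 Encryption Client's own code; the Envelope layout, the commitment label and the HMAC-based commitment are assumptions of this example, not the v4.0.0 format.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"errors"
)

// Envelope: what a key-committing format keeps beside the ciphertext (assumed layout, not S3EC's).
type Envelope struct{ Nonce, Ciphertext, Commitment []byte }
// commitKey derives a value bound to the data key that no other key can reproduce; the label is constructed for this example.
func commitKey(key []byte) []byte {
	mac := hmac.New(sha256.New, key)
	mac.Write([]byte("example-key-commitment-v1"))
	return mac.Sum(nil)
}
func gcm(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}
// Seal encrypts with AES-GCM and stores the key commitment next to the ciphertext.
func Seal(key, plaintext []byte) (Envelope, error) {
	aead, err := gcm(key)
	if err != nil {
		return Envelope{}, err
	}
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return Envelope{}, err
	}
	return Envelope{Nonce: nonce, Ciphertext: aead.Seal(nil, nonce, plaintext, nil), Commitment: commitKey(key)}, nil
}
// Open rejects any data key that does not match the commitment, so a rogue EDK
// cannot turn the same ciphertext into a second, attacker-chosen plaintext.
func Open(key []byte, env Envelope) ([]byte, error) {
	if !hmac.Equal(commitKey(key), env.Commitment) {
		return nil, errors.New("key commitment mismatch: data key is not bound to this ciphertext")
	}
	aead, err := gcm(key)
	if err != nil {
		return nil, err
	}
	return aead.Open(nil, env.Nonce, env.Ciphertext, nil)
}
```

Without the commitment check, Open would hand any unwrapped key straight to AES-GCM, which is exactly the gap the instruction-file substitution exploits.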
Impact:
Data integrity breach. Decryption yields attacker-controlled plaintext. Compromised confidentiality in multi-tenant scenarios.
Sources:
Reported By: github.com