A bug that Oracle recently patched broke the main functionality of Oracle Access Manager (OAM), which should only give authorized users access to protected enterprise data.
OAM provides an authentication function for web applications based on Oracle Fusion Middleware. It can be used to provide and block access to external mobile and cloud applications.
However, researchers at Austrian security firm SEC-Consult found a flaw in OAM's cryptographic format that allowed them to create session tokens for any user, which the attacker could use to impersonate any legitimate user and access web apps that OAM should be protecting. As SEC-Consult explains, OAM-protected web servers feature an authentication component called an Oracle WebGate. When users attempt to access a protected resource from the web server, they're bumped across to an OAM page to enter a username and password. If successful, they're redirected back to the web application and can log in using an encrypted authentication token that's stored in a browser cookie.
However, a flaw in OAM's custom cryptographic format allowed SEC-Consult researcher Wolfgang Ettlinger to use a padding oracle attack to decrypt the authentication token. "We found that a cryptographic format used by the OAM exhibits a serious flaw," explained Ettlinger. "By exploiting this vulnerability, we were able to craft a session token. When a WebGate is presented with this token, it would accept it as a legitimate form of authentication and allow us to access protected resources.
"What's more, the session cookie crafting process lets us create a session cookie for an arbitrary username, thus allowing us to impersonate any user known to the OAM." Oracle Fusion Middleware 11g and 12c were affected by the vulnerability in the OAM authentication engine, which is tracked as CVE-2018-2879 and got a CVSS v3 score of 9.0 out of a possible 10 in Oracle's April critical patch update.
Ettlinger said there are two lessons to be drawn from the bug: "You do not roll your own crypto" and "You DO NOT roll your own crypto". "Cryptography is very hard to get exactly right. Even when using standard implementations of algorithms, it is challenging to design a proper cryptographic format or protocol," he wrote.
"Quite often, seemingly secure implementations can exhibit serious vulnerabilities -- and that goes way beyond the rather well-known padding oracle attack that was demonstrated here," he wrote."