OWASP A02:2021 - Cryptographic Failures

Overview

Cryptographic Failures (previously known as Sensitive Data Exposure) focuses on failures related to cryptography which often leads to sensitive data exposure or system compromise. This category represents failures in protecting data both in transit and at rest.

Risk Rating: High CWE Mappings: 29 CWEs mapped to this category Prevalence: Common in applications handling sensitive data Previous Ranking: A03:2017 (Sensitive Data Exposure)

What are Cryptographic Failures?

Cryptographic failures occur when applications fail to properly protect sensitive data through inadequate or missing cryptographic controls. This includes weak encryption, poor key management, insecure protocols, and transmission of sensitive data in plaintext.

Common Vulnerabilities

1. Weak or Missing Encryption

• Description: Use of weak cryptographic algorithms or missing encryption entirely

• Examples: MD5, SHA1, DES, RC4, or plaintext storage

2. Insecure Data Transmission

• Description: Sensitive data transmitted over unencrypted channels

• Examples: HTTP instead of HTTPS, unencrypted database connections

3. Poor Key Management

• Description: Inadequate protection of cryptographic keys

• Examples: Hardcoded keys, weak key generation, improper key storage

4. Weak Random Number Generation

• Description: Use of predictable or weak random number generators

• Examples: Using rand() instead of cryptographically secure generators

5. Certificate and TLS Issues

• Description: Improper SSL/TLS implementation

• Examples: Invalid certificates, weak cipher suites, missing HSTS

Testing Methodology

1. Information Gathering

• Identify data transmission methods (HTTP/HTTPS)

• Analyze SSL/TLS implementation

• Check for sensitive data in client-side code

• Review cookie security attributes

2. SSL/TLS Testing

# Test SSL/TLS configuration
sslscan target.com
nmap --script ssl-enum-ciphers -p 443 target.com
testssl.sh https://target.com

# Check for weak protocols
nmap --script ssl-poodle -p 443 target.com
nmap --script ssl-heartbleed -p 443 target.com

3. Certificate Analysis

# Get certificate information
openssl s_client -connect target.com:443 -showcerts

# Check certificate validity
curl -I https://target.com --cert-status

# Test certificate chain
openssl s_client -connect target.com:443 -verify_return_error

4. Data Transmission Analysis

# Intercept and analyze traffic
# Using Burp Suite or OWASP ZAP
# Look for:
# - Sensitive data in HTTP requests
# - Unencrypted form submissions
# - API keys in headers
# - Session tokens in URLs

Common Attack Vectors

1. Man-in-the-Middle (MITM) Attacks

• Exploit weak SSL/TLS configurations

• Certificate spoofing

• Downgrade attacks (HTTPS → HTTP)

2. Padding Oracle Attacks

• Exploit CBC mode vulnerabilities

• Target applications using AES-CBC incorrectly

3. Weak Hash Exploitation

# Crack MD5 hashes
hashcat -m 0 hashes.txt /path/to/wordlist.txt

# Crack SHA1 hashes  
hashcat -m 100 hashes.txt /path/to/wordlist.txt

# Rainbow table attacks
rtgen md5 loweralpha-numeric 1 7 0 3800 33554432 0

4. Key Recovery Attacks

• Extract hardcoded keys from source code

• Exploit weak key generation algorithms

• Side-channel attacks on key operations

Tools and Techniques

SSL/TLS Testing Tools

# SSL Labs API testing
curl -s "https://api.ssllabs.com/api/v3/analyze?host=target.com" | jq

# Custom SSL testing
nmap --script ssl-cert,ssl-enum-ciphers,ssl-poodle,ssl-heartbleed target.com

# Check for weak ciphers
sslscan --show-certificate --no-colour target.com:443

Cryptographic Analysis Tools

• Hashcat: Advanced password recovery

• John the Ripper: Password cracking

• CyberChef: Cryptographic analysis and decoding

• Cryptool: Educational cryptography tool

Network Analysis

# Wireshark filters for crypto analysis
tls.handshake.type == 1  # Client Hello
tls.handshake.type == 2  # Server Hello
ssl.record.content_type == 22  # Handshake

# tcpdump for TLS analysis
tcpdump -i any -s 0 -A 'port 443' -w tls_capture.pcap

Exploitation Examples

Example 1: Weak Hash Function Exploitation

# Identify hash type
hashid "5d41402abc4b2a76b9719d911017c592"  # MD5

# Crack using wordlist
hashcat -m 0 -a 0 hash.txt rockyou.txt

# Generate rainbow tables
rtgen md5 loweralpha-numeric 1 8 0 3800 33554432 0

Example 2: SSL/TLS Downgrade Attack

# Python script for SSL downgrade testing
import ssl
import socket

def test_ssl_versions(hostname, port=443):
    protocols = [
        ('SSLv23', ssl.PROTOCOL_SSLv23),
        ('TLSv1', ssl.PROTOCOL_TLSv1),
        ('TLSv1_1', ssl.PROTOCOL_TLSv1_1),
        ('TLSv1_2', ssl.PROTOCOL_TLSv1_2)
    ]
    
    for name, protocol in protocols:
        try:
            context = ssl.SSLContext(protocol)
            sock = socket.create_connection((hostname, port))
            ssock = context.wrap_socket(sock, server_hostname=hostname)
            print(f"{name}: Supported")
            ssock.close()
        except Exception as e:
            print(f"{name}: Not supported - {e}")

Example 3: Hardcoded Key Extraction

# Search for hardcoded cryptographic keys
grep -r "BEGIN RSA PRIVATE KEY" /var/www/html/
grep -r "api_key\|secret_key\|private_key" source_code/
grep -r "password\|passwd\|pwd" config_files/

# Search for base64 encoded keys
grep -r "[A-Za-z0-9+/]{40,}" source_code/ | grep -v ".git"

Example 4: CBC Padding Oracle Attack

# Padding oracle attack simulation
import requests
import base64

def padding_oracle_test(ciphertext, oracle_url):
    """Test for padding oracle vulnerability"""
    # Modify last byte of ciphertext
    modified = bytearray(base64.b64decode(ciphertext))
    
    for i in range(256):
        modified[-1] = i
        test_cipher = base64.b64encode(modified).decode()
        
        response = requests.post(oracle_url, data={'data': test_cipher})
        
        if "padding" in response.text.lower():
            print(f"Padding oracle detected with byte: {i}")
            return True
    
    return False

Impact Assessment

Data at Risk

• Personal Information: Names, addresses, SSNs, phone numbers

• Financial Data: Credit cards, bank accounts, payment information

• Authentication Data: Passwords, session tokens, API keys

• Medical Records: Health information, medical history

• Business Data: Trade secrets, intellectual property

Attack Scenarios

1. Data Breach: Sensitive data exposed through weak encryption

2. Session Hijacking: Weak session management leads to account takeover

3. MITM Attacks: Unencrypted communications intercepted

4. Credential Theft: Weak password hashing enables credential recovery

Prevention and Mitigation

1. Use Strong Cryptographic Algorithms

# Good: Strong encryption implementation
from cryptography.fernet import Fernet
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.kdf.pbkdf2 import PBKDF2HMAC
import os
import base64

def encrypt_data(data, password):
    # Generate salt
    salt = os.urandom(16)
    
    # Derive key using PBKDF2
    kdf = PBKDF2HMAC(
        algorithm=hashes.SHA256(),
        length=32,
        salt=salt,
        iterations=100000,
    )
    key = base64.urlsafe_b64encode(kdf.derive(password.encode()))
    
    # Encrypt data
    f = Fernet(key)
    encrypted = f.encrypt(data.encode())
    
    return salt + encrypted

# Bad: Weak encryption (avoid)
import hashlib
def weak_hash(password):
    return hashlib.md5(password.encode()).hexdigest()  # DON'T USE

2. Proper SSL/TLS Configuration

# Nginx SSL/TLS configuration
server {
    listen 443 ssl http2;
    server_name example.com;
    
    # Strong SSL configuration
    ssl_certificate /path/to/certificate.crt;
    ssl_certificate_key /path/to/private.key;
    
    # Modern SSL protocols only
    ssl_protocols TLSv1.2 TLSv1.3;
    
    # Strong cipher suites
    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384;
    ssl_prefer_server_ciphers off;
    
    # Security headers
    add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload";
    add_header X-Frame-Options DENY;
    add_header X-Content-Type-Options nosniff;
}

3. Secure Password Hashing

# Using bcrypt for password hashing
import bcrypt

def hash_password(password):
    # Generate salt and hash password
    salt = bcrypt.gensalt(rounds=12)
    return bcrypt.hashpw(password.encode('utf-8'), salt)

def verify_password(password, hashed):
    return bcrypt.checkpw(password.encode('utf-8'), hashed)

# Using Argon2 (recommended)
from argon2 import PasswordHasher

ph = PasswordHasher()

def hash_password_argon2(password):
    return ph.hash(password)

def verify_password_argon2(password, hash):
    try:
        ph.verify(hash, password)
        return True
    except:
        return False

4. Secure Key Management

# Environment-based key management
import os
from cryptography.fernet import Fernet

def get_encryption_key():
    key = os.environ.get('ENCRYPTION_KEY')
    if not key:
        raise ValueError("ENCRYPTION_KEY environment variable not set")
    return key.encode()

# Key rotation example
class KeyRotation:
    def __init__(self):
        self.current_key = self.get_current_key()
        self.old_keys = self.get_old_keys()
    
    def encrypt(self, data):
        f = Fernet(self.current_key)
        return f.encrypt(data.encode())
    
    def decrypt(self, encrypted_data):
        # Try current key first
        try:
            f = Fernet(self.current_key)
            return f.decrypt(encrypted_data).decode()
        except:
            # Try old keys
            for key in self.old_keys:
                try:
                    f = Fernet(key)
                    return f.decrypt(encrypted_data).decode()
                except:
                    continue
            raise ValueError("Unable to decrypt with any available key")

Testing Checklist

Data Protection Assessment

• Identify all sensitive data handled by the application

• Check data classification and protection requirements

• Verify data encryption at rest

• Test data encryption in transit

• Review data retention and disposal practices

Cryptographic Implementation Testing

• Test SSL/TLS configuration and cipher suites

• Verify certificate validity and chain

• Check for weak cryptographic algorithms

• Test random number generation quality

• Verify proper key management practices

Protocol Security Testing

• Test for protocol downgrade attacks

• Check for SSL/TLS vulnerabilities (Heartbleed, POODLE, etc.)

• Verify HSTS implementation

• Test certificate pinning (if applicable)

• Check for mixed content issues

Application-Level Crypto Testing

• Review password hashing mechanisms

• Test session token entropy and security

• Check for hardcoded cryptographic keys

• Verify secure cookie attributes

• Test API key security

Advanced Testing Techniques

Side-Channel Analysis

# Timing attack detection
import time
import statistics

def timing_analysis(test_function, inputs):
    """Analyze timing differences for potential side-channel attacks"""
    timings = []
    
    for input_data in inputs:
        start = time.perf_counter()
        result = test_function(input_data)
        end = time.perf_counter()
        timings.append(end - start)
    
    # Statistical analysis
    mean_time = statistics.mean(timings)
    std_dev = statistics.stdev(timings)
    
    print(f"Mean execution time: {mean_time:.6f}s")
    print(f"Standard deviation: {std_dev:.6f}s")
    print(f"Coefficient of variation: {std_dev/mean_time:.4f}")
    
    return timings

Entropy Analysis

# Test random number quality
import math
from collections import Counter

def calculate_entropy(data):
    """Calculate Shannon entropy of data"""
    if not data:
        return 0
    
    # Count frequency of each byte
    counter = Counter(data)
    data_len = len(data)
    
    # Calculate entropy
    entropy = 0
    for count in counter.values():
        probability = count / data_len
        entropy -= probability * math.log2(probability)
    
    return entropy

# Test session token entropy
def test_session_tokens(tokens):
    """Test entropy of session tokens"""
    combined = ''.join(tokens)
    entropy = calculate_entropy(combined.encode())
    
    print(f"Session token entropy: {entropy:.2f} bits")
    print(f"Maximum possible entropy: {math.log2(256) * len(tokens[0]):.2f} bits")
    
    if entropy < 4.0:
        print("WARNING: Low entropy detected in session tokens")

Reporting Template

Finding: Cryptographic Failure - [Specific Issue]

Severity: High/Critical CVSS Score: [Calculate based on impact]

Description: [Detailed description of the cryptographic failure]

Technical Details:

• Algorithm Used: [e.g., MD5, DES, etc.]

• Key Length: [if applicable]

• Implementation: [Library/framework used]

Steps to Reproduce:

1. [Step-by-step reproduction]

2. [Include testing commands/scripts]

3. [Evidence screenshots]

Proof of Concept:

[Include working exploit code or commands]

Impact:

• Data at Risk: [Types of sensitive data affected]

• Attack Scenario: [How attacker could exploit]

• Business Impact: [Financial/operational consequences]

Recommendation:

1. Immediate: [Quick fixes to reduce risk]

2. Short-term: [Proper implementation fixes]

3. Long-term: [Architectural improvements]

References:

• OWASP Top 10 A02:2021

• NIST SP 800-57: Key Management

• RFC 8446: TLS 1.3

---

This reference guide is part of a comprehensive OWASP Top 10 penetration testing series. For advanced cryptographic analysis techniques and automated testing tools, refer to the complete blog series.