Mitigation for Azure Storage SDK Client-Side Encryption Padding Oracle Vulnerability

Summary:

Google informed Microsoft under Coordinated Vulnerability Disclosure (CVD) of a padding oracle vulnerability that may affect customers using Azure Storage SDK (for Python, .NET, Java) client-side encryption (CVE-2022-30187). To mitigate this vulnerability, we released a new General Availability (GA) version of the Azure Storage SDK client-side encryption feature (v2) on July 12, 2022.

Microsoft is not aware of any reported exploitation of this vulnerability affecting Azure services. We recommend impacted customers who require client-side encryption migrate to v2 to remain secure. For more details, read the Azure Storage blog or see the Additional References section below.

Customer Impact:

As mentioned, applications using client-side encryption in Azure Storage SDK (for Python, .NET, Java) may be impacted and must be updated to remain as secure as possible. If you have questions about whether you are impacted, see the “How to verify if you use the client-side encryption feature” section in the Azure Storage blog.

For instructions on how to migrate to v2, see the “Action required to remediate this vulnerability” section in the Azure Storage blog. Migration requires: a) updating code to use client-side encryption v2, and b) migrating data previously encrypted with client-side encryption v1 to client-side encryption v2.

As an alternative to client-side encryption, impacted customers can investigate using Azure Storage server-side encryption for protecting data at rest. See the “Azure Storage server-side encryption” section in the Azure Storage blog for information about server-side encryption.

Technical Details:

Azure Storage .NET, Java, and Python SDKs support encryption on the client with a customer-managed key maintained in Azure Key Vault or another key store. Previously released versions of the Azure Storage SDKs use cipher block chaining (CBC) mode for client-side encryption (referred to as “v1”). The v1 implementation of CBC block mode is vulnerable to a padding oracle attack, provided the attacker has write access to the blob and can observe decryption failures. Our investigation showed an attacker would need to perform a significant number of keystrokes per byte of plain text to decrypt blob contents. Again, Microsoft is not aware of any reported exploitation of this vulnerability affecting Azure services.

We would like to thank Google for reporting this vulnerability and working with the Microsoft Security Response Center (MSRC) under Coordinated Vulnerability Disclosure (CVD) to help keep Microsoft customers safe.

References: