XML Encryption with AES-CBC broken

2011-10-24 00:00:00 +0100

Juraj Somorovsky and Tibor Jager from Ruhr University Bochum (RUB) found a weakness in the way XML Encryption (W3C standard) messages are processed by compliant implementations. The attack is chosen-ciphertext type and it only works if AES in CBC mode is used. The standard allows AES-128, AES-256 and AES-192 and 3DES in CBC mode. The attack doesn’t work if 3DES is used.