Block shuffling
Because ECB mode encrypts identical plaintext blocks to identical ciphertext blocks, the attacker can replace a ciphertext block with a known ciphertext block of their choice and the resulting plaintext block will be substituted with their desired block as well.
To carry out this attack, the attacker needs to have the ability to observe or manipulate ciphertext blocks in the communication channel.
Exploitation
Let's take the following code :
The user can forge arbitrary block into the username parameter :
There is 13 bytes before the user input ( {"username":"
) , so 3 bytes are needed to complete the first block, and the 16 following bytes will be the arbitrary forged block.
To proof that, the user can send 2 exact same blocks that will result into 2 exact same cipher blocks.
Last updated