Prevent Key Oracle attack

  1. FAQ
  2. Prevent Key Oracle attack

Source: OneLogin PHP Toolkit

URL: https://github.com/onelogin/php-saml/blob/28e7ccc949592e78f7f4648dcfb492893aecc360/lib/Saml2/Utils.php#L1112

            $encKey = $symmetricKeyInfo->encryptedCtx;
            $symmetricKeyInfo->key = $inputKey->key;
            $keySize = $symmetricKey->getSymmetricKeySize();
            if ($keySize === null) {
                // To protect against "key oracle" attacks
                throw new OneLogin_Saml2_ValidationError(
                    'Unknown key size for encryption algorithm: ' . var_export($symmetricKey->type, true),
                    OneLogin_Saml2_ValidationError::KEY_ALGORITHM_ERROR
                );
            }
Published with GitBook · Last edit March 16th 2018

results for ""

    No results matching ""