https://bugs.kde.org/show_bug.cgi?id=409991

            Bug ID: 409991
           Summary: Manipulation of encrypted text allows plaintext
                    recovery
           Product: okular
           Version: unspecified
          Platform: Other
                OS: Linux
            Status: REPORTED
          Severity: normal
          Priority: NOR
         Component: PDF backend
          Assignee: okular-de...@kde.org
          Reporter: certb...@bsi.bund.de
  Target Milestone: ---

Created attachment 121625
  --> https://bugs.kde.org/attachment.cgi?id=121625&action=edit
The attached pdfs exploit the vulnerabilities for Okular v0.26.1. The password
for the encrypted pdf files is 'pass'.

SUMMARY
The attached report analyzes PDF encryption and shows two novel techniques for
breaking the confidentiality of encrypted documents.

Firstly, the PDF feature of partially encrypted documents is abused to wrap the
encrypted part of the document within attacker-controlled content and
therefore, exfiltrate the plaintext once the document is opened by a legitimate
user. Secondly, abusing a flaw in the PDF encryption specification allows an
attacker to arbitrarily manipulate encrypted content without knowing the
corresponding key/password. The only requirement is one single block of known
plaintext, which is fulfilled by design. By using exfiltration channels the
attacks allow the recovery of the entire plaintext or parts of it within an
encrypted document. The attacks rely only on standard compliant PDF features.
The attacks described have been validated for widely used PDF viewers, proving
many of them vulnerable.

Workarounds in the various implementations may provide a short-term
countermeasure. Adequate countermeasures rather need to be included as part of
upcoming specifications. Therefore the issue has been escalated to the ISO
working group on Crypto and Signatures and will be taken up in the next
revision of the PDF Spec.

Disclosure is currently planned for the end of August 2019. Please refrain
from publishing any details before that date.

STEPS TO REPRODUCE
1. Open the attached 'exploit' pdfs in affected Okular version (e.g. v0.26.1).
The password for the encrypted pdf files is simply 'pass'.

OBSERVED RESULT
Upon decryption the confidential content is leaked.

SOFTWARE/OS VERSIONS
KDE Frameworks Version: 4.14.2
Qt Version: 4.8.2
