CryptoFly.us | CRYPTOCURRENCY BITCOIN SHIRTS CLOTHING APPAREL HATS

CRYPTO NEWS

Bitcoin gets green light for price discovery with ‘almost no supply’ on exchanges above $59K

Resistance is thinner than ever, while data leaves the market guessing about what will happen when Bitcoin revisits $64,500 all-time highs.

Can attacker steal data from AES encrypted table without knowing the key?

I think of a situation that attacker can steal data from AES encrypted table without knowing the key. I tried to search on internet but found nothing about this(may be I were not using the correct keyword), really appreciate if any one can shed some light on it. Assuming that the table is encrypted with::Listen

I think of a situation that attacker can steal data from AES encrypted table without knowing the key.
I tried to search on internet but found nothing about this(may be I were not using the correct keyword), really appreciate if any one can shed some light on it.

Assuming that the table is encrypted with same key but different IV:

  1. Attacker signs up for a new account in an application normally.
  2. Application creates the account and inserts a new row (2nd row in table below)
  3. Somehow attacker found a vulnerability in application to run SQL injection
  4. By SQL injection, attacker replaces cipher of his row with Victim’s value
    e.g. aes_cipher_2 -> aes_cipher_1 and iv_2 -> iv_1
  5. Attacker signs in his own account
  6. Attacker goes to the profile page, then application decrypts Victim’s data (aes_cipher_1) and shows the plaintext to him.
IDUsernameAddressIV
1Victimaes_cipher_1iv_1
2Attackeraes_cipher_2iv_2

Bitcoin gets green light for price discovery with ‘almost no supply’ on exchanges above $59K

Shopping cart
There are no products in the cart!
Continue shopping
0