Lucene search

K
securityvulnsSecurityvulnsSECURITYVULNS:DOC:11319
HistoryFeb 07, 2006 - 12:00 a.m.

PeopleSoft (Oracle) PSCipher Encryption Weakness

2006-02-0700:00:00
vulners.com
122

Vendor: PeopleSoft
Product: People Tools
Version: 8.4x
Platform: Multi-platform
Title: Weak Encryption

Description:

PeopleSoft uses PSCipher() for encryption/hashing purposes. Based on observations from the output of
PSCipher() and on our familiarity with the cryptographic library objects and methods used in the JCA/JCE,
we were able to surmise PSCipher() uses the password-based encryption algorithm as defined in RSA
Laboratories, "PKCS #5: Password-Based Encryption Standard," version 1.5, Nov 1993.

In addition, based on PSCipher() output, the DES key used by PSCipher() is a fixed string, probably
stored in a number of system directories. Knowledge of this key would greatly benefit password dictionary
attacks against PSCipher() encrypted passwords. A fairly knowledgeable attacker could easily determine
what this fixed key is.

Based on the length of a password the algorithm pads and then outputs 8 byte values, using cipher block
chaining mode for 8 byte blocks, output using base64 encoding. Consequently, passwords patterns of the
following are readily observed:

PSCipher(x1x2x3x4x5x6x7x8) = C1
PSCipher(x1x2x3x4x5x6x7x8y1….yi) = C1C // block C varying up to i=8
PSCipher(x1x2x3x4x5x6x7x8y1….y8z1….zi) = C1C2C //block C varying up to i=8

For example,
PSCipher(12345678) = VsQZcQDrTFJg93xDQKeGJA==
PSCipher (123456789) = VsQZcQDrTFLZN5WgnZfo1w==

Note: Here VsQZcQDrTF corresponds to the 8 bytes “12345678” encrypted with base64 encoding performed
after cipher out. Also note that, as is seen in this example, the algorithm used by PSCipher() outputs
encrypted text in 8 bytes streams. If a user chooses a 9 character password, the first 8 bytes of this
will be the same for this password and an 8 character password using the same first 8 characters. Hence, a
dictionary attack for a 9 character password can be done using the first 8
characters plus any additional characters.

In effect, increasing password length does not give an exponential increase in password strength,
significantly aiding a dictionary attack against passwords. For example, suppose for simplicity only 10
characters are used for password composition. Compare a full 9 character password exhaust of 109 with
a 108 + 10 exhaust.

Vendor Solution: (Provided by Oracle)

In Enterprise PeopleTools 8.47 and above, PeopleTools provides Triple DES encryption (i.e 3DES) for
increased data security. The PSCipher Utility has been enhanced to provide a command line utility to
encrypt a variety of text values stored in various configuration files throughout your system. In
addition, the PSCipher includes the following features:

• Dynamic Key generation: The ability to generate unique encryption keys.
• Version maintenance: The key file maintains a version history of all previous versions of the keys,
which enables text previously encrypted to be encrypted or decrypted.

Important additional information:

It is important to provide proper scope to the usage of PSCipher. PeopleSoft does NOT use PSCipher for
the following encryption purposes:

  • PSCipher is NOT used for the encryption of ANY application data
  • PSCipher is NOT used for the encryption of ANY data stored in the PeopleSoft DB.
  • ALL user passwords stored in the DB are hashed using the SHA-1 Secure Hash Algorithm

In the instances where PSCipher is used within the PeopleSoft environtment, adherence to Security Best
Practices would ensure that those IDs protected with PSCipher encryption would have minimal access to the
system (additional access would be unnecessary and not recommended). Additionally, and also in accordance
to best practices, these passwords should only be persisted in secured areas of the system.

PScipher is NOT a general purpose routine. The decryption routine is NOT made available. Therefore
customers should not be using this routine for their own use to 'protect' other kinds of data.

PeopleSoft routinely reviews the overall security posture of its products, and we provide robust
processes and communication channels for our customers and 3rd party organizations to provide feedback and
information about possible security weaknesses. These matters are given the highest level of attention
and analysis and PeopleSoft endeavors to provide resolutions and fixes at the earliest possible time.

Vendor Trail:

December 04 PeopleSoft contacted
December 04 PeopleSoft confirms
October 05 PeopleSoft provides solution
Febuary 06 Release

Contributers:

Dr. Larry Wargo
Barrett McGuire
Matt Fotter

In-depth analysis is available at http://www.i-assure.com