Padding Oracle in Feathersjs with Basic Auth
Padding Oracle in Feathersjs with Basic Auth — how this specific combination creates or exposes the vulnerability
A padding oracle attack can manifest in a Feathersjs service that uses Basic Auth when the server returns distinguishable error messages or status codes for invalid padding versus invalid authentication. Feathersjs, by default, exposes detailed errors in development and may inadvertently signal padding failures before credential validation completes. When Basic Auth credentials are transmitted in the Authorization header, the server must first decode the base64 token, then decrypt (if using a cipher with block modes like CBC) and verify padding. If the application throws distinct errors for malformed base64, invalid padding, or decryption failures, an attacker can iteratively submit modified ciphertexts and observe responses to infer plaintext without needing the secret key.
Consider a Feathersjs service that uses encrypted JWTs stored in Basic Auth’s password component. During authentication, the server base64-decodes the credentials, decrypts the token, and validates padding. A 401 for bad credentials and a 400 for invalid padding create an oracle. Even in unauthenticated attack surface scans run by middleBrick, such error distinctions show up as inconsistent response behaviors across endpoints, highlighting a potential oracle path. Attackers chain this with chosen-ciphertext requests to gradually recover sensitive information, such as session tokens or API keys, especially when the same key is reused across services.
Real-world impact aligns with OWASP API Top 10:2023 Broken Object Level Authorization and Cryptographic Failures. Instances where an unauthenticated endpoint returns verbose errors or timing differences can be correlated with Basic Auth flows to amplify risk. middleBrick’s 12 security checks, including Input Validation and Data Exposure, are designed to detect inconsistent error handling and unauthenticated endpoint behaviors that may indicate an oracle. Findings include severity-ranked remediation guidance mapped to compliance frameworks like PCI-DSS and SOC2, helping teams prioritize fixes.
Basic Auth-Specific Remediation in Feathersjs — concrete code fixes
Remediation focuses on making error handling uniform and avoiding any padding-dependent branching. Ensure that all authentication paths, including Basic Auth parsing and decryption, take the same amount of time and return the same HTTP status for any invalid credentials or malformed tokens. Use constant-time comparison for secrets and avoid exposing padding-related errors to the client.
Example of insecure Basic Auth handling in Feathersjs that can leak padding information:
// ❌ Insecure: distinct errors for malformed credentials and decryption failures
const { AuthenticationService } = require('@feathersjs/authentication');
class CustomAuthService extends AuthenticationService {
async create(data, params) {
const { authorization } = params.headers;
if (!authorization || !authorization.startsWith('Basic ')) {
throw new Error('Missing authorization header');
}
const base64 = authorization.split(' ')[1];
let decoded;
try {
decoded = Buffer.from(base64, 'base64').toString('utf8');
} catch (err) {
throw new Error('Invalid base64');
}
const [username, encryptedToken] = decoded.split(':');
let token;
try {
token = decryptToken(encryptedToken, secretKey); // may throw on bad padding
} catch (err) {
throw new Error('Invalid token padding');
}
// validate token …
}
}
Example of secure remediation with uniform error handling and constant-time operations:
// ✅ Secure: uniform errors, constant-time comparison
const { AuthenticationService } = require('@feathersjs/authentication');
const { timingSafeEqual } = require('crypto');
const expectedLength = 32; // e.g., HMAC length
class CustomAuthService extends AuthenticationService {
async create(data, params) {
const { authorization } = params.headers;
// Always parse and validate format first
if (!authorization || !authorization.startsWith('Basic ')) {
return this.failAuthentication();
}
const base64 = authorization.split(' ')[1];
let decoded;
try {
decoded = Buffer.from(base64, 'base64').toString('utf8');
} catch (err) {
return this.failAuthentication();
}
const [username, tokenHex] = decoded.split(':');
if (!username || !tokenHex) {
return this.failAuthentication();
}
// Use constant-time comparison for secrets to avoid timing leaks
const storedToken = getStoredTokenForUser(username); // from secure store
if (!storedToken || tokenHex.length !== expectedLength * 2) {
return this.failAuthentication();
}
const tokenBuf = Buffer.from(tokenHex, 'hex');
const storedBuf = Buffer.from(storedToken, 'hex');
// Ensure lengths match to avoid branching on length
if (tokenBuf.length !== storedBuf.length) {
return this.failAuthentication();
}
const isValid = timingSafeEqual(tokenBuf, storedBuf);
if (!isValid) {
return this.failAuthentication();
}
// Proceed with token verification if needed
return this.authenticateUser(username);
}
failAuthentication() {
// Always return the same generic error and status
return Promise.reject(new Error('Invalid credentials'));
}
}
Additionally, configure Feathersjs to suppress verbose stack traces in production by setting errors in the app configuration. Ensure that any cryptographic operations use modern authenticated encryption (e.g., AES-GCM) rather than raw CBC with manual padding, which removes the padding oracle surface entirely. middleBrick’s Continuous Monitoring (Pro plan) can be added to CI/CD to flag inconsistent error patterns across scans, and the GitHub Action can enforce a threshold so that builds fail if such risky behaviors are detected.