Poodle Attack in Fastapi with Dynamodb

The Poodle attack (CVE-2014-3566) exploits weak legacy encryption in SSL/TLS to decrypt secure communications. In a Fastapi service that stores session or user data in DynamoDB, the risk arises not from DynamoDB itself, but from the web layer and data-in-transit. A Fastapi app that accepts TLS connections without enforcing strong cipher suites may allow an attacker to perform padding oracle attacks against session tokens or authentication cookies. If your Fastapi application uses TLS configurations that support SSLv3 or CBC-mode ciphers without proper mitigations, an attacker who can observe and influence encrypted traffic may recover plaintext session identifiers.

When such a session token is stored in DynamoDB (for example, in a table with a PartitionKey of user_id and a SortKey of session_start), the impact is tangible: decrypting the token can lead to session hijacking. Consider a typical design where Fastapi generates a JWT or opaque session token, stores a record in DynamoDB for revocation or metadata, and returns the token to the client. If the token is encrypted or signed using a weak scheme because TLS is downgraded, an attacker can use the Poodle padding oracle to learn the plaintext. The DynamoDB table itself is not vulnerable to Poodle, but if session state and cryptographic protections are weak, the stored data’s confidentiality and integrity are undermined.

In practice, this combination becomes exploitable when:

• Fastapi is fronted by a load balancer or reverse proxy that permits SSLv3 or CBC ciphers (e.g., TLS_RSA_WITH_AES_256_CBC_SHA).
• Session tokens or authentication cookies are encrypted or integrity-protected in a way that a padding oracle can be queried.
• The application stores session metadata in DynamoDB and relies on the security of TLS to protect the token before it reaches the database.

An attacker can repeatedly send modified ciphertexts and observe whether padding errors differ between valid and invalid padding, gradually revealing the plaintext token. Once recovered, the token can be used to access the associated DynamoDB-stored session data, enabling unauthorized access. This highlights the importance of robust TLS configurations and secure token handling in Fastapi, independent of the database choice.

Remediation focuses on eliminating weak TLS options in Fastapi deployments and ensuring tokens are protected using modern algorithms rather than attempting to fix DynamoDB. Below are concrete steps and code examples for a secure Fastapi + DynamoDB integration.

1. Enforce strong TLS and disable SSLv3/CBC in your deployment. In Fastapi, use an ASGI server like uvicorn with strong cipher flags. For example, run uvicorn with:

uvicorn main:app --host 0.0.0.0 --port 8443 --ssl-keyfile=key.pem --ssl-certfile=cert.pem --ciphers TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256

Ensure your load balancer or reverse proxy (e.g., Nginx, ALB) also disables SSLv3 and prefers TLS 1.2+ with GCM or ChaCha20 suites.

2. Use signed, stateless tokens (JWT) with strong algorithms and short lifetimes, and store minimal metadata in DynamoDB. Example DynamoDB model with secure token handling:

from datetime import datetime, timedelta, timezone
import boto3
from pydantic import BaseModel
from fastapi import Depends, HTTPException, status
from fastapi.security import OAuth2PasswordBearer
import jwt

# DynamoDB setup
dynamodb = boto3.resource('dynamodb', region_name='us-east-1')
session_table = dynamodb.Table('sessions')

# JWT configuration
SECRET_KEY = 'your-strong-secret'
ALGORITHM = 'RS256'
ACCESS_TOKEN_EXPIRE_MINUTES = 30

oauth2_scheme = OAuth2PasswordBearer(tokenUrl='token')

class SessionRecord(BaseModel):
    user_id: str
    session_start: str
    expires_at: str
    scopes: str

def store_session(user_id: str, expires_at: datetime):
    session_table.put_item(
        Item={
            'user_id': user_id,
            'session_start': expires_at.isoformat(),
            'expires_at': expires_at.isoformat(),
            'scopes': 'read write'
        }
    )

def get_session(user_id: str):
    resp = session_table.get_item(Key={'user_id': user_id})
    return resp.get('Item')

def verify_token(token: str = Depends(oauth2_scheme)):
    try:
        payload = jwt.decode(token, SECRET_KEY, algorithms=[ALGORITHM])
        user_id: str = payload.get('sub')
        if user_id is None:
            raise HTTPException(status_code=status.HTTP_401_UNAUTHORIZED, detail='Invalid authentication')
        db_session = get_session(user_id)
        if not db_session or datetime.fromisoformat(db_session['expires_at']) < datetime.now(timezone.utc):
            raise HTTPException(status_code=status.HTTP_401_UNAUTHORIZED, detail='Session expired or revoked')
        return user_id
    except jwt.ExpiredSignatureError:
        raise HTTPException(status_code=status.HTTP_401_UNAUTHORIZED, detail='Token expired')
    except jwt.InvalidTokenError:
        raise HTTPException(status_code=status.HTTP_401_UNAUTHORIZED, detail='Invalid token')

# Example protected route
from fastapi import Fastapi
app = Fastapi()

@app.get('/secure')
async def read_secure(user_id: str = Depends(verify_token)):
    return {'user_id': user_id, 'message': 'Access granted'}

3. Store only minimal, non-sensitive metadata in DynamoDB. Avoid storing plaintext secrets or tokens; store only revocations or last-active timestamps indexed by user_id. Use DynamoDB encryption at rest with AWS KMS CMKs, and ensure your IAM policies grant least privilege to the table.

4. Monitor and rotate keys. Rotate your JWT signing keys and KMS keys regularly. Use short token lifetimes (e.g., 15–30 minutes) and refresh tokens stored securely with restricted scope.

By focusing on strong TLS and secure token handling, you mitigate the Poodle attack surface for Fastapi applications that use DynamoDB, without changing the database service itself.