CR-PADDING-ORACLECredential Access

Padding Oracle (CBC)

Server reveals padding-validity in error messages or timing — decrypt + forge any CBC-encrypted token (session cookies, viewstate).

§ Where this technique fits

CR-PADDING-ORACLE is catalogued under the Credential Access tactic of the offensive-security kill-chain. It appears in 1 approved dossier in the registry, typically at step 2 on average.

§ Dossiers chaining this technique

Padding oracle → forge admin session cookie
App encrypts session cookies with AES-CBC and reveals padding-validity via a 500/200 differential. Decrypt the cookie, forge an admin cookie, log in without credentials.
step 2 / 6

§ What commonly comes next

01
Valid Accounts
T1078 · Initial Access
seen 1×

§ Where this technique fits

§ Dossiers chaining this technique

Padding oracle → forge admin session cookie

§ What commonly comes next