Python Snippet #08

This challenge covers the review of a snippet of code written in Python

PRO Tier · Easy · < 1 Hr. · 922

The Code Review Snippet challenges aim to enhance your ability to spot vulnerabilities in small snippets of code. In this lab, you are tasked with identifying a flaw in a Python web server script that employs AES encryption for session management. The script is vulnerable to a padding oracle attack because it uses AES.MODE_CBC, which provides confidentiality but does not protect the integrity of the encrypted data. This allows an attacker to tamper with the ciphertext undetected, leading to potential security breaches.

The lab walks you through the entire script, explaining each line and its purpose. The primary issue is on line 17, where AES encryption is initialized without integrity protection. The video guide further elaborates on how this creates a padding oracle vulnerability, making it essential to modify the code to ensure data integrity and secure session management.
