TypeScript Snippet #06

This challenge covers the review of a snippet of code written in TypeScript

PRO
Tier
Easy
< 1 Hr.
544

Course


The Code Review Snippet challenges provide a small snippet of vulnerable code. In this particular lab, you are tasked with identifying a cryptographic flaw in a TypeScript application that uses AES-256-CBC for encryption and decryption. The challenge involves pinpointing the exact line of code that needs to be changed to patch the vulnerability.

In the provided code, encryption and decryption functions are defined, but they lack mechanisms to prevent tampering, making the application susceptible to padding oracle attacks. By following the accompanying video, you can learn more about the nature of the vulnerability and how to effectively address it. The video walks you through the code, explaining each part and highlighting the issue with the encryption method, particularly the lack of integrity checks.

Want to learn more? Get started with PentesterLab Pro! GO PRO