CBC ciphertext not authenticated, making the system insecure
leonklingele opened this issue · comments
It looks like you're using unauthenticated AES-CBC. This scheme is vulnerable to bit flipping attacks.
Either authenticate the ciphertext in Encrypt-Then-MAC fashion or switch to using a AEAD cipher like AES-GCM: https://github.com/gtank/cryptopasta/blob/master/encrypt.go
New version 2.0 released with AES-256-GCM.