
Encrypted data is not authenticated / potential padding oracles #26

@Vinc0682

Description


The encrypted data is not authenticated, thus allowing easy manipulation of the ciphertext with predictable changes to the plaintext. This is especially bad as unauthenticated AES-CBC often leads to padding oracle attacks which allow the recovery of the plaintext by an active adversary.

How to fix:

1. Apply a secure message authentication code (MAC) like HMAC-SHA256 on the ciphertext and the IV. Always check the MAC BEFORE decrypting the ciphertext.

2. Alternatively, use an AEAD scheme like AES-GCM or ChaCha20-Poly1305.
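The following is an added example of fix 1 (encrypt-then-MAC) and is not code from this project or from the issue author. It assumes two independent keys (`Keys.Enc` for AES-256-CBC, `Keys.Mac` for HMAC-SHA256) and the wire layout `IV || ciphertext || tag`; both are choices made for this example. The point it demonstrates is the ordering the issue insists on: the tag over IV and ciphertext is checked in constant time before any decryption or padding check runs, so a modified ciphertext is rejected with a single generic error and no padding oracle exists.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Keys holds two independent 32-byte keys: one for AES-256-CBC, one for HMAC-SHA256.
type Keys struct{ Enc, Mac []byte }

// ErrAuth is the only error a caller sees for a forged or altered message.
var ErrAuth = errors.New("message authentication failed")

func pkcs7Pad(b []byte, size int) []byte {
	n := size - len(b)%size
	return append(b, bytes.Repeat([]byte{byte(n)}, n)...)
}

func pkcs7Unpad(b []byte, size int) ([]byte, error) {
	if len(b) == 0 || len(b)%size != 0 {
		return nil, errors.New("bad length")
	}
	n := int(b[len(b)-1])
	if n == 0 || n > size || !bytes.Equal(b[len(b)-n:], bytes.Repeat([]byte{byte(n)}, n)) {
		return nil, errors.New("bad padding")
	}
	return b[:len(b)-n], nil
}

// Seal is encrypt-then-MAC. Output layout (an assumption of this example):
// IV || AES-CBC ciphertext || HMAC-SHA256(IV || ciphertext).
func Seal(k Keys, plaintext []byte) ([]byte, error) {
	block, err := aes.NewCipher(k.Enc)
	if err != nil {
		return nil, err
	}
	iv := make([]byte, aes.BlockSize)
	if _, err := rand.Read(iv); err != nil {
		return nil, err
	}
	padded := pkcs7Pad(plaintext, aes.BlockSize)
	ct := make([]byte, len(padded))
	cipher.NewCBCEncrypter(block, iv).CryptBlocks(ct, padded)
	msg := append(iv, ct...)
	h := hmac.New(sha256.New, k.Mac)
	h.Write(msg)
	return h.Sum(msg), nil // appends the tag after IV || ciphertext
}

// Open verifies the tag in constant time BEFORE decrypting. A bit-flipped IV or
// ciphertext is rejected here, so the padding check only sees MAC-verified data.
func Open(k Keys, msg []byte) ([]byte, error) {
	if len(msg) < 2*aes.BlockSize+sha256.Size {
		return nil, ErrAuth
	}
	body, tag := msg[:len(msg)-sha256.Size], msg[len(msg)-sha256.Size:]
	h := hmac.New(sha256.New, k.Mac)
	h.Write(body)
	if !hmac.Equal(h.Sum(nil), tag) {
		return nil, ErrAuth
	}
	iv, ct := body[:aes.BlockSize], body[aes.BlockSize:]
	if len(ct)%aes.BlockSize != 0 {
		return nil, ErrAuth
	}
	block, err := aes.NewCipher(k.Enc)
	if err != nil {
		return nil, err
	}
	pt := make([]byte, len(ct))
	cipher.NewCBCDecrypter(block, iv).CryptBlocks(pt, ct)
	return pkcs7Unpad(pt, aes.BlockSize)
}

// TamperRejected flips one bit of the first ciphertext byte and reports whether Open refused it.
func TamperRejected(k Keys, plaintext []byte) (bool, error) {
	msg, err := Seal(k, plaintext)
	if err != nil {
		return false, err
	}
	msg[aes.BlockSize] ^= 0x01
	_, err = Open(k, msg)
	return errors.Is(err, ErrAuth), nil
}

func main() {
	// Constructed all-zero demo keys; real keys come from a KDF or CSPRNG.
	k := Keys{Enc: make([]byte, 32), Mac: make([]byte, 32)}
	msg, _ := Seal(k, []byte("hello, world"))
	pt, err := Open(k, msg)
	fmt.Printf("roundtrip: %q err=%v\n", pt, err)
	ok, _ := TamperRejected(k, []byte("hello, world"))
	fmt.Println("tampered ciphertext rejected before decryption:", ok)
}
```

Fix 2 from the issue needs no hand-rolled MAC at all: in Go, `cipher.NewGCM` from the standard library returns an AEAD whose `Open` performs the same tag check internally and returns an error without releasing any plaintext when the tag does not verify.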
