Background information
This was originally reported as a private security issue, but has been approved for handling in the public queue by the Drupal Security Team.
- security.drupal.org private issue: https://git.drupalcode.org/security/185003-webform_encrypt-security/-/wo...
(included for reference. Please do not report access denied as an error.)
Problem/Motivation
When encrypting an option element (radios or checkboxes), the encrypted value varies based on the length of the selected value. This means that if an attacker can get a dump of the database, they can deduce the selected values for this field without having to break the encryption.
Steps to reproduce
1. Enable the module
2. Create a webform with a radio field with two options (_Yes_ and _No_, for example) and enable encryption on this field
3. Create some submissions
4. Run this SQL query:
SELECT value FROM `webform_submission_data`;
The answers with Yes start with a:2:{s:4:"data";s:174:" and the answers with No start with a:2:{s:4:"data";s:172:".
(I tested with AES.)
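
The following is an added example, not part of the original report or the module's code. It audits `(name, value)` rows for elements whose stored ciphertexts differ in length, and shows bucket padding applied before encryption as one possible mitigation. Reading the `name` column alongside `value`, the sample rows, the element names and the `pad`/`unpad` scheme are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Prefix quoted in the report: a:2:{s:4:"data";s:174:"
DATA_LEN = re.compile(r'^a:\d+:\{s:4:"data";s:(\d+):"')

def declared_length(value):
    """Declared length of the encrypted "data" string, or None if absent."""
    m = DATA_LEN.match(value)
    return int(m.group(1)) if m else None

def audit(rows):
    """Map element name -> {ciphertext length: count} for (name, value) rows."""
    seen = defaultdict(lambda: defaultdict(int))
    for name, value in rows:
        n = declared_length(value)
        if n is not None:  # skip values that are not in the encrypted format
            seen[name][n] += 1
    return {name: dict(counts) for name, counts in seen.items()}

def leaky_elements(rows):
    """Elements whose ciphertexts occur in more than one length."""
    return sorted(n for n, c in audit(rows).items() if len(c) > 1)

def pad(plaintext, bucket=32):
    """Assumed mitigation: 2-byte length prefix, zero-filled to a bucket multiple."""
    if len(plaintext) > 0xFFFF:
        raise ValueError("plaintext too long for 2-byte length prefix")
    body = len(plaintext).to_bytes(2, "big") + plaintext
    return body + b"\x00" * (-len(body) % bucket)

def unpad(padded):
    """Inverse of pad(): recover the original plaintext after decryption."""
    n = int.from_bytes(padded[:2], "big")
    return padded[2:2 + n]

def sample(n):
    """Constructed row value: real rows hold ciphertext, here just n zeros."""
    return 'a:2:{s:4:"data";s:%d:"%s";s:1:"k";s:1:"v";}' % (n, "0" * n)

# Constructed sample data; element names are hypothetical.
ROWS = [("consent", sample(174)), ("consent", sample(172)),
        ("consent", sample(174)), ("comment", "not encrypted"),
        ("token", sample(200)), ("token", sample(200))]

if __name__ == "__main__":
    print(audit(ROWS))
    print(leaky_elements(ROWS))
    print(len(pad(b"Yes")), len(pad(b"No")))
```

A flagged element matters most when it has a small, fixed set of options; free-text elements vary in length by nature. The bucket size has to be at least as large as the longest option label plus the two-byte prefix for all options to pad to the same length.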
Comments