10/25/2011

XML Encryption Cracked, call for change in encryption standard



Call for change in XML encryption standard.






XML encryption is used for secure communication and data transportation by many big companies, including Apache, IBM, Red Hat and Microsoft.

The German researchers Juraj Somorovsky and Tibor Jager, from Ruhr-University Bochum, have demonstrated a practical attack against XML's cipher block chaining (CBC) mode.
"We were able to decrypt data by sending modified ciphertexts to the server, by gathering information from the received error messages," said the researchers. The discovered vulnerability can result in a possible leak of sensitive information, leaving a number of major Web-based applications in trouble, ranging from business communications, e-commerce, and financial services to governmental and military infrastructures.

Somorovsky also called on the W3C, which instituted the XML encryption standard, to replace it. The researcher claims:
"There is no simple patch for this problem. We therefore propose to change the standard as soon as possible."
The researchers say that there is no short-term solution and strongly recommend that the standard be updated.
