It's a CBC padding oracle, intrinsic to the operation of CBC --- if you PKCS7-pad some other mode, you do not get the same attack --- the single best-known cryptographic vulnerability on the Internet, and the parent commenter took the time to give you the most famous instance of it. For the record: that's also not the only CBC vulnerability.
The padding is a key part of using a block cipher in CBC mode.
I’m not sure why you’re ferociously defending the practice of implementing your own cryptography. It’s well known that this is a horrible idea for good reason.
> Furthermore, padding oracles are completely irrelevant to data at rest, like as described in this topics use case. So it really is a bit of a non sequitur too.
That's not true and extremely dangerous to say. In an offline, black-box scenario no server is needed for a padding-oracle. You are thinking of a side-channel oracle. A padding-oracle attack can absolutely be feasible in many cases.
I appreciate your efforts at actually elevating this discussion. Yes, I said something too general when I really was just trying to describe _this_ particular HTML-page encryption implementation.
You're right that its possible that an offline decryption algorithm could in fact be a padding oracle under the right scenario. But I still posit it probably doesn't apply to this static-HTML page generator.
The nuanced viewpoint is never implement your own cryptography.
> Its so stupid simple I don't think that even a novice would make a critical error.
Ask Microsoft about that one: https://learn.microsoft.com/en-us/security-updates/securityb...