CWE-347
AllowedImproper Verification of Cryptographic Signature
Abstraction: Base · Status: Draft
The product does not verify, or incorrectly verifies, the cryptographic signature for data.
1128 vulnerabilities reference this CWE, most recent first.
GHSA-48JG-H3CV-MQVX
Vulnerability from github – Published: 2022-05-24 19:11 – Updated: 2022-05-24 19:11In Eclipse Californium version 2.0.0 to 2.6.4 and 3.0.0-M1 to 3.0.0-M3, the certificate based (x509 and RPK) DTLS handshakes accidentally succeeds without verifying the server side's signature on the client side, if that signature is not included in the server's ServerKeyExchange.
{
"affected": [],
"aliases": [
"CVE-2021-34433"
],
"database_specific": {
"cwe_ids": [
"CWE-347"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-08-20T17:15:00Z",
"severity": "HIGH"
},
"details": "In Eclipse Californium version 2.0.0 to 2.6.4 and 3.0.0-M1 to 3.0.0-M3, the certificate based (x509 and RPK) DTLS handshakes accidentally succeeds without verifying the server side\u0027s signature on the client side, if that signature is not included in the server\u0027s ServerKeyExchange.",
"id": "GHSA-48jg-h3cv-mqvx",
"modified": "2022-05-24T19:11:49Z",
"published": "2022-05-24T19:11:49Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-34433"
},
{
"type": "WEB",
"url": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=575281"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-48RW-J489-928M
Vulnerability from github – Published: 2020-06-05 16:13 – Updated: 2021-06-15 17:44Spring Security versions 5.2.x prior to 5.2.4 and 5.3.x prior to 5.3.2 contain a signature wrapping vulnerability during SAML response validation. When using the spring-security-saml2-service-provider component, a malicious user can carefully modify an otherwise valid SAML response and append an arbitrary assertion that Spring Security will accept as valid.
{
"affected": [
{
"package": {
"ecosystem": "Maven",
"name": "org.springframework.security:spring-security-core"
},
"ranges": [
{
"events": [
{
"introduced": "5.2.0"
},
{
"fixed": "5.2.4"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "org.springframework.security:spring-security-core"
},
"ranges": [
{
"events": [
{
"introduced": "5.3.0"
},
{
"fixed": "5.3.2"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2020-5407"
],
"database_specific": {
"cwe_ids": [
"CWE-347"
],
"github_reviewed": true,
"github_reviewed_at": "2020-06-04T19:19:34Z",
"nvd_published_at": "2020-05-13T17:15:00Z",
"severity": "HIGH"
},
"details": "Spring Security versions 5.2.x prior to 5.2.4 and 5.3.x prior to 5.3.2 contain a signature wrapping vulnerability during SAML response validation. When using the spring-security-saml2-service-provider component, a malicious user can carefully modify an otherwise valid SAML response and append an arbitrary assertion that Spring Security will accept as valid.",
"id": "GHSA-48rw-j489-928m",
"modified": "2021-06-15T17:44:45Z",
"published": "2020-06-05T16:13:29Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-5407"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r73af928cf64bebf78b7fa4bc56a5253273ec7829f5f5827f64c72fc7@%3Cissues.servicemix.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/ra19a4e7236877fe12bfb52db07b27ad72d9e7a9f5e27bba7e928e18a@%3Cdev.geode.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/rd99601fbca514f214f88f9e53fd5be3cfbff05b350c994b4ec2e184c@%3Cdev.geode.apache.org%3E"
},
{
"type": "WEB",
"url": "https://tanzu.vmware.com/security/cve-2020-5407"
},
{
"type": "WEB",
"url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
},
{
"type": "WEB",
"url": "https://www.oracle.com/security-alerts/cpujan2021.html"
},
{
"type": "WEB",
"url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "Signature wrapping vulnerability in Spring Security"
}
GHSA-49Q7-C7J4-3P7M
Vulnerability from github – Published: 2024-08-02 09:31 – Updated: 2025-11-04 16:52In the Elliptic package 6.5.6 for Node.js, ECDSA signature malleability occurs because BER-encoded signatures are allowed.
{
"affected": [
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 6.5.6"
},
"package": {
"ecosystem": "npm",
"name": "elliptic"
},
"ranges": [
{
"events": [
{
"introduced": "5.2.1"
},
{
"fixed": "6.5.7"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2024-42461"
],
"database_specific": {
"cwe_ids": [
"CWE-347"
],
"github_reviewed": true,
"github_reviewed_at": "2024-08-05T13:51:26Z",
"nvd_published_at": "2024-08-02T07:16:10Z",
"severity": "LOW"
},
"details": "In the Elliptic package 6.5.6 for Node.js, ECDSA signature malleability occurs because BER-encoded signatures are allowed.",
"id": "GHSA-49q7-c7j4-3p7m",
"modified": "2025-11-04T16:52:52Z",
"published": "2024-08-02T09:31:35Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-42461"
},
{
"type": "WEB",
"url": "https://github.com/indutny/elliptic/pull/317"
},
{
"type": "WEB",
"url": "https://github.com/indutny/elliptic/commit/accb61e9c1a005e5c8ff96a8b33893100bb42d11"
},
{
"type": "PACKAGE",
"url": "https://github.com/indutny/elliptic"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20241004-0005"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U",
"type": "CVSS_V4"
}
],
"summary": "Elliptic allows BER-encoded signatures"
}
GHSA-4C73-WX52-99CM
Vulnerability from github – Published: 2022-05-24 17:45 – Updated: 2022-05-24 17:45Multiple vulnerabilities in the fast reload feature of Cisco IOS XE Software running on Cisco Catalyst 3850, Cisco Catalyst 9300, and Cisco Catalyst 9300L Series Switches could allow an authenticated, local attacker to either execute arbitrary code on the underlying operating system, install and boot a malicious software image, or execute unsigned binaries on an affected device. These vulnerabilities are due to improper checks performed by system boot routines. To exploit these vulnerabilities, the attacker would need privileged access to the CLI of the device. A successful exploit could allow the attacker to either execute arbitrary code on the underlying operating system or execute unsigned code and bypass the image verification check part of the secure boot process. For more information about these vulnerabilities, see the Details section of this advisory.
{
"affected": [],
"aliases": [
"CVE-2021-1375"
],
"database_specific": {
"cwe_ids": [
"CWE-347"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-03-24T21:15:00Z",
"severity": "HIGH"
},
"details": "Multiple vulnerabilities in the fast reload feature of Cisco IOS XE Software running on Cisco Catalyst 3850, Cisco Catalyst 9300, and Cisco Catalyst 9300L Series Switches could allow an authenticated, local attacker to either execute arbitrary code on the underlying operating system, install and boot a malicious software image, or execute unsigned binaries on an affected device. These vulnerabilities are due to improper checks performed by system boot routines. To exploit these vulnerabilities, the attacker would need privileged access to the CLI of the device. A successful exploit could allow the attacker to either execute arbitrary code on the underlying operating system or execute unsigned code and bypass the image verification check part of the secure boot process. For more information about these vulnerabilities, see the Details section of this advisory.",
"id": "GHSA-4c73-wx52-99cm",
"modified": "2022-05-24T17:45:12Z",
"published": "2022-05-24T17:45:12Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-1375"
},
{
"type": "WEB",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fast-Zqr6DD5"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-4CH4-JP34-QWGW
Vulnerability from github – Published: 2024-12-19 00:37 – Updated: 2024-12-19 00:37A library injection vulnerability exists in the WebView.app helper app of Microsoft Teams (work or school) 24046.2813.2770.1094 for macOS. A specially crafted library can leverage Teams's access privileges, leading to a permission bypass. A malicious application could inject a library and start the program to trigger this vulnerability and then make use of the vulnerable application's permissions.
{
"affected": [],
"aliases": [
"CVE-2024-41145"
],
"database_specific": {
"cwe_ids": [
"CWE-347"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-12-18T23:15:07Z",
"severity": "HIGH"
},
"details": "A library injection vulnerability exists in the WebView.app helper app of Microsoft Teams (work or school) 24046.2813.2770.1094 for macOS. A specially crafted library can leverage Teams\u0027s access privileges, leading to a permission bypass. A malicious application could inject a library and start the program to trigger this vulnerability and then make use of the vulnerable application\u0027s permissions.",
"id": "GHSA-4ch4-jp34-qwgw",
"modified": "2024-12-19T00:37:35Z",
"published": "2024-12-19T00:37:35Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-41145"
},
{
"type": "WEB",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-1990"
},
{
"type": "WEB",
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-1990"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-4FGQ-GQ9G-3RW7
Vulnerability from github – Published: 2019-09-23 18:32 – Updated: 2021-04-01 20:57It was found that Keycloak's SAML broker, versions up to 6.0.1, did not verify missing message signatures. If an attacker modifies the SAML Response and removes the sections, the message is still accepted, and the message can be modified. An attacker could use this flaw to impersonate other users and gain access to sensitive information.
{
"affected": [
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 6.0.1"
},
"package": {
"ecosystem": "Maven",
"name": "org.keycloak:keycloak-core"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "7.0.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2019-10201"
],
"database_specific": {
"cwe_ids": [
"CWE-347"
],
"github_reviewed": true,
"github_reviewed_at": "2019-09-19T15:26:01Z",
"nvd_published_at": "2019-08-14T17:15:00Z",
"severity": "MODERATE"
},
"details": "It was found that Keycloak\u0027s SAML broker, versions up to 6.0.1, did not verify missing message signatures. If an attacker modifies the SAML Response and removes the \u003cSignature\u003e sections, the message is still accepted, and the message can be modified. An attacker could use this flaw to impersonate other users and gain access to sensitive information.",
"id": "GHSA-4fgq-gq9g-3rw7",
"modified": "2021-04-01T20:57:58Z",
"published": "2019-09-23T18:32:16Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-10201"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10201"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"type": "CVSS_V3"
}
],
"summary": "Improper Verification of Cryptographic Signature in keycloak"
}
GHSA-4FJV-PMHG-3RFG
Vulnerability from github – Published: 2020-12-04 16:47 – Updated: 2024-10-07 21:07Impact
- Client implementations using this library
Issues
1) The IdToken signature algorithm was not checked automatically, but only if the expected algorithm was passed in as a kwarg.
2) JWA none algorithm was allowed in all flows.
3) oic.consumer.Consumer.parse_authz returns an unverified IdToken. The verification of the token was left to the discretion of the implementator.
4) iat claim was not checked for sanity (i.e. it could be in the future)
Patches
1) IdToken signature is now always checked.
2) JWA none algorithm is now allowed only if using the response_type code
3) IdToken verification is now done automatically.
4) iat claim is now checked for sanity.
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "oic"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.2.1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2020-26244"
],
"database_specific": {
"cwe_ids": [
"CWE-325",
"CWE-347"
],
"github_reviewed": true,
"github_reviewed_at": "2020-12-02T20:06:06Z",
"nvd_published_at": null,
"severity": "HIGH"
},
"details": "### Impact\n* Client implementations using this library\n\n### Issues\n1) The IdToken signature algorithm was not checked automatically, but only if the expected algorithm was passed in as a kwarg.\n2) JWA `none` algorithm was allowed in all flows.\n3) `oic.consumer.Consumer.parse_authz` returns an unverified IdToken. The verification of the token was left to the discretion of the implementator.\n4) `iat` claim was not checked for sanity (i.e. it could be in the future)\n\n### Patches\n1) IdToken signature is now always checked.\n2) JWA `none` algorithm is now allowed only if using the `response_type` `code`\n3) IdToken verification is now done automatically.\n4) `iat` claim is now checked for sanity.",
"id": "GHSA-4fjv-pmhg-3rfg",
"modified": "2024-10-07T21:07:21Z",
"published": "2020-12-04T16:47:12Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/OpenIDC/pyoidc/security/advisories/GHSA-4fjv-pmhg-3rfg"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-26244"
},
{
"type": "WEB",
"url": "https://github.com/OpenIDC/pyoidc/commit/62f8d753fa17c8b1f29f8be639cf0b33afb02498"
},
{
"type": "PACKAGE",
"url": "https://github.com/OpenIDC/pyoidc"
},
{
"type": "WEB",
"url": "https://github.com/OpenIDC/pyoidc/releases/tag/1.2.1"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/oic/PYSEC-2020-69.yaml"
},
{
"type": "WEB",
"url": "https://pypi.org/project/oic"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "Multiple cryptographic issues in Python oic"
}
GHSA-4G52-PQCJ-PHVH
Vulnerability from github – Published: 2021-05-21 16:23 – Updated: 2021-05-20 20:51Impact
- BLS signature validation in lotus uses blst library method VerifyCompressed. This method accepts signatures in 2 forms - "serialized", and "compressed", meaning that BLS signatures can be provided as either of 2 unique byte arrays.
- Lotus block validation functions perform a uniqueness check on provided blocks. Two blocks are considered distinct if the CIDs of their blockheader do not match. The CID method for blockheader includes the BlockSig of the block.
The result of these issues is that it would be possible to punish miners for valid blocks, as there are two different valid block CIDs available for each block, even though this must be unique.
Patches
By switching from the go based blst bindings over to the bindings in filecoin-ffi, the code paths now ensure that all signatures are compressed by size and the way they are deserialized.
This happened in https://github.com/filecoin-project/lotus/pull/5393
References
- Original POC: https://gist.github.com/wadeAlexC/2490d522e81a796af9efcad1686e6754
{
"affected": [
{
"package": {
"ecosystem": "Go",
"name": "github.com/filecoin-project/lotus"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.5.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2021-21405"
],
"database_specific": {
"cwe_ids": [
"CWE-347"
],
"github_reviewed": true,
"github_reviewed_at": "2021-05-20T20:51:00Z",
"nvd_published_at": "2021-04-15T22:15:00Z",
"severity": "MODERATE"
},
"details": "### Impact\n\n1. BLS signature validation in lotus uses blst library method VerifyCompressed. This method accepts signatures in 2 forms - \"serialized\", and \"compressed\", meaning that BLS signatures can be provided as either of 2 unique byte arrays.\n2. Lotus block validation functions perform a uniqueness check on provided blocks. Two blocks are considered distinct if the CIDs of their blockheader do not match. The CID method for blockheader includes the BlockSig of the block.\n\nThe result of these issues is that it would be possible to punish miners for valid blocks, as there are two different valid block CIDs available for each block, even though this must be unique.\n\n### Patches\n\nBy switching from the go based `blst` bindings over to the bindings in `filecoin-ffi`, the code paths now ensure that all signatures are compressed by size and the way they are deserialized.\nThis happened in https://github.com/filecoin-project/lotus/pull/5393\n\n\n### References\n\n- Original POC: https://gist.github.com/wadeAlexC/2490d522e81a796af9efcad1686e6754",
"id": "GHSA-4g52-pqcj-phvh",
"modified": "2021-05-20T20:51:00Z",
"published": "2021-05-21T16:23:43Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/filecoin-project/lotus/security/advisories/GHSA-4g52-pqcj-phvh"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21405"
},
{
"type": "WEB",
"url": "https://github.com/filecoin-project/lotus/pull/5393"
},
{
"type": "WEB",
"url": "https://gist.github.com/wadeAlexC/2490d522e81a796af9efcad1686e6754"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
}
],
"summary": "BLS Signature \"Malleability\""
}
GHSA-4G63-C64M-25W9
Vulnerability from github – Published: 2022-07-21 22:33 – Updated: 2022-07-21 22:33Impact
SignatureChecker.isValidSignatureNow is not expected to revert. However, an incorrect assumption about Solidity 0.8's abi.decode allows some cases to revert, given a target contract that doesn't implement EIP-1271 as expected.
The contracts that may be affected are those that use SignatureChecker to check the validity of a signature and handle invalid signatures in a way other than reverting. We believe this to be unlikely.
Patches
The issue was patched in 4.7.1.
References
https://github.com/OpenZeppelin/openzeppelin-contracts/pull/3552
For more information
If you have any questions or comments about this advisory, or need assistance deploying the fix, email us at security@openzeppelin.com.
{
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "@openzeppelin/contracts"
},
"ranges": [
{
"events": [
{
"introduced": "4.1.0"
},
{
"fixed": "4.7.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "npm",
"name": "@openzeppelin/contracts-upgradeable"
},
"ranges": [
{
"events": [
{
"introduced": "4.1.0"
},
{
"fixed": "4.7.1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2022-31172"
],
"database_specific": {
"cwe_ids": [
"CWE-20",
"CWE-347"
],
"github_reviewed": true,
"github_reviewed_at": "2022-07-21T22:33:37Z",
"nvd_published_at": "2022-07-22T04:15:00Z",
"severity": "HIGH"
},
"details": "### Impact\n\n`SignatureChecker.isValidSignatureNow` is not expected to revert. However, an incorrect assumption about Solidity 0.8\u0027s `abi.decode` allows some cases to revert, given a target contract that doesn\u0027t implement EIP-1271 as expected.\n\nThe contracts that may be affected are those that use `SignatureChecker` to check the validity of a signature and handle invalid signatures in a way other than reverting. We believe this to be unlikely.\n\n### Patches\n\nThe issue was patched in 4.7.1.\n\n### References\n\nhttps://github.com/OpenZeppelin/openzeppelin-contracts/pull/3552\n\n### For more information\n\nIf you have any questions or comments about this advisory, or need assistance deploying the fix, email us at [security@openzeppelin.com](mailto:security@openzeppelin.com).",
"id": "GHSA-4g63-c64m-25w9",
"modified": "2022-07-21T22:33:37Z",
"published": "2022-07-21T22:33:37Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/OpenZeppelin/openzeppelin-contracts/security/advisories/GHSA-4g63-c64m-25w9"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-31172"
},
{
"type": "WEB",
"url": "https://github.com/OpenZeppelin/openzeppelin-contracts/pull/3552"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
}
],
"summary": "OpenZeppelin Contracts\u0027s SignatureChecker may revert on invalid EIP-1271 signers"
}
GHSA-4H6J-V5PX-XWG7
Vulnerability from github – Published: 2022-05-24 19:15 – Updated: 2023-11-15 21:35Improper access control vulnerability in the repair process for McAfee Agent for Windows prior to 5.7.4 could allow a local attacker to perform a DLL preloading attack using unsigned DLLs. This would result in elevation of privileges and the ability to execute arbitrary code as the system user, through not correctly protecting a temporary directory used in the repair process and not checking the DLL signature.
{
"affected": [],
"aliases": [
"CVE-2021-31847"
],
"database_specific": {
"cwe_ids": [
"CWE-269",
"CWE-347",
"CWE-427"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-09-22T14:15:00Z",
"severity": "HIGH"
},
"details": "Improper access control vulnerability in the repair process for McAfee Agent for Windows prior to 5.7.4 could allow a local attacker to perform a DLL preloading attack using unsigned DLLs. This would result in elevation of privileges and the ability to execute arbitrary code as the system user, through not correctly protecting a temporary directory used in the repair process and not checking the DLL signature.",
"id": "GHSA-4h6j-v5px-xwg7",
"modified": "2023-11-15T21:35:02Z",
"published": "2022-05-24T19:15:26Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-31847"
},
{
"type": "WEB",
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10369"
},
{
"type": "WEB",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1104"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
No mitigation information available for this CWE.
CAPEC-463: Padding Oracle Crypto Attack
An adversary is able to efficiently decrypt data without knowing the decryption key if a target system leaks data on whether or not a padding error happened while decrypting the ciphertext. A target system that leaks this type of information becomes the padding oracle and an adversary is able to make use of that oracle to efficiently decrypt data without knowing the decryption key by issuing on average 128*b calls to the padding oracle (where b is the number of bytes in the ciphertext block). In addition to performing decryption, an adversary is also able to produce valid ciphertexts (i.e., perform encryption) by using the padding oracle, all without knowing the encryption key.
CAPEC-475: Signature Spoofing by Improper Validation
An adversary exploits a cryptographic weakness in the signature verification algorithm implementation to generate a valid signature without knowing the key.