CWE-347
AllowedImproper Verification of Cryptographic Signature
Abstraction: Base · Status: Draft
The product does not verify, or incorrectly verifies, the cryptographic signature for data.
1127 vulnerabilities reference this CWE, most recent first.
GHSA-J8M7-7FM4-J768
Vulnerability from github – Published: 2022-05-14 01:01 – Updated: 2022-05-14 01:01An issue was discovered in password-store.sh in pass in Simple Password Store 1.7.x before 1.7.2. The signature verification routine parses the output of GnuPG with an incomplete regular expression, which allows remote attackers to spoof file signatures on configuration files and extension scripts. Modifying the configuration file allows the attacker to inject additional encryption keys under their control, thereby disclosing passwords to the attacker. Modifying the extension scripts allows the attacker arbitrary code execution.
{
"affected": [],
"aliases": [
"CVE-2018-12356"
],
"database_specific": {
"cwe_ids": [
"CWE-347"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-06-15T02:29:00Z",
"severity": "CRITICAL"
},
"details": "An issue was discovered in password-store.sh in pass in Simple Password Store 1.7.x before 1.7.2. The signature verification routine parses the output of GnuPG with an incomplete regular expression, which allows remote attackers to spoof file signatures on configuration files and extension scripts. Modifying the configuration file allows the attacker to inject additional encryption keys under their control, thereby disclosing passwords to the attacker. Modifying the extension scripts allows the attacker arbitrary code execution.",
"id": "GHSA-j8m7-7fm4-j768",
"modified": "2022-05-14T01:01:33Z",
"published": "2022-05-14T01:01:33Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-12356"
},
{
"type": "WEB",
"url": "https://git.zx2c4.com/password-store/commit/?id=8683403b77f59c56fcb1f05c61ab33b9fd61a30d"
},
{
"type": "WEB",
"url": "https://github.com/RUB-NDS/Johnny-You-Are-Fired"
},
{
"type": "WEB",
"url": "https://github.com/RUB-NDS/Johnny-You-Are-Fired/blob/master/paper/johnny-fired.pdf"
},
{
"type": "WEB",
"url": "https://lists.zx2c4.com/pipermail/password-store/2018-June/003308.html"
},
{
"type": "WEB",
"url": "http://openwall.com/lists/oss-security/2018/06/14/3"
},
{
"type": "WEB",
"url": "http://packetstormsecurity.com/files/152703/Johnny-You-Are-Fired.html"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2019/Apr/38"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2019/04/30/4"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-J935-GP2P-2Q7F
Vulnerability from github – Published: 2022-05-24 16:50 – Updated: 2024-04-04 01:18Open Information Security Foundation Suricata prior to version 4.1.3 is affected by: Denial of Service - TCP/HTTP detection bypass. The impact is: An attacker can evade a signature detection with a specialy formed sequence of network packets. The component is: detect.c (https://github.com/OISF/suricata/pull/3625/commits/d8634daf74c882356659addb65fb142b738a186b). The attack vector is: An attacker can trigger the vulnerability by a specifically crafted network TCP session. The fixed version is: 4.1.3.
{
"affected": [],
"aliases": [
"CVE-2019-1010279"
],
"database_specific": {
"cwe_ids": [
"CWE-347"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-07-18T19:15:00Z",
"severity": "HIGH"
},
"details": "Open Information Security Foundation Suricata prior to version 4.1.3 is affected by: Denial of Service - TCP/HTTP detection bypass. The impact is: An attacker can evade a signature detection with a specialy formed sequence of network packets. The component is: detect.c (https://github.com/OISF/suricata/pull/3625/commits/d8634daf74c882356659addb65fb142b738a186b). The attack vector is: An attacker can trigger the vulnerability by a specifically crafted network TCP session. The fixed version is: 4.1.3.",
"id": "GHSA-j935-gp2p-2q7f",
"modified": "2024-04-04T01:18:32Z",
"published": "2022-05-24T16:50:40Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-1010279"
},
{
"type": "WEB",
"url": "https://github.com/OISF/suricata/pull/3625"
},
{
"type": "WEB",
"url": "https://github.com/OISF/suricata/pull/3625/commits/d8634daf74c882356659addb65fb142b738a186b"
},
{
"type": "WEB",
"url": "https://redmine.openinfosecfoundation.org/issues/2770"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-JC6X-RJ79-W4MX
Vulnerability from github – Published: 2026-06-19 20:46 – Updated: 2026-06-19 20:46Impact
An unauthenticated remote attacker who can place a SOAP header lexically before wsse:Security can embed a ds:Signature of their choosing inside that header and cause the server to verify the attacker-supplied signature instead of the one carried in the security header.
Preconditions
Exploitation requires the endpoint be configured with an endorsing supporting token binding, and the attacker constructs a ds:Signature whose KeyInfo resolves through the receive-side token resolver to a key under the attacker’s control. Both are conditions outside the attacker’s direct control on a generic deployment.
Patches
Fixed in CoreWCF v1.8.1 and v1.9.1
Workarounds
Use a security token resolver that only accepts references to issuer-pinned X.509 chains (the default when expecting a static set of signing certificates).
{
"affected": [
{
"package": {
"ecosystem": "NuGet",
"name": "CoreWCF.Primitives"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.8.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "CoreWCF.Primitives"
},
"ranges": [
{
"events": [
{
"introduced": "1.9.0"
},
{
"fixed": "1.9.1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-54773"
],
"database_specific": {
"cwe_ids": [
"CWE-347"
],
"github_reviewed": true,
"github_reviewed_at": "2026-06-19T20:46:43Z",
"nvd_published_at": null,
"severity": "MODERATE"
},
"details": "### Impact\nAn unauthenticated remote attacker who can place a SOAP header lexically before `wsse:Security` can embed a `ds:Signature` of their choosing inside that header and cause the server to verify the attacker-supplied signature instead of the one carried in the security header.\n\n#### Preconditions\nExploitation requires the endpoint be configured with an endorsing supporting token binding, and the attacker constructs a `ds:Signature` whose `KeyInfo` resolves through the receive-side token resolver to a key under the attacker\u2019s control. Both are conditions outside the attacker\u2019s direct control on a generic deployment.\n\n### Patches\nFixed in CoreWCF v1.8.1 and v1.9.1\n\n### Workarounds\nUse a security token resolver that only accepts references to issuer-pinned X.509 chains (the default when expecting a static set of signing certificates).",
"id": "GHSA-jc6x-rj79-w4mx",
"modified": "2026-06-19T20:46:43Z",
"published": "2026-06-19T20:46:43Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/CoreWCF/CoreWCF/security/advisories/GHSA-jc6x-rj79-w4mx"
},
{
"type": "PACKAGE",
"url": "https://github.com/CoreWCF/CoreWCF"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
}
],
"summary": "CoreWCF: WS-Security signature substitution via document-wide Signature lookup"
}
GHSA-JCX5-8F6X-5FX8
Vulnerability from github – Published: 2025-08-14 15:30 – Updated: 2025-08-14 15:30A vulnerability has been identified in Mendix SAML (Mendix 10.12 compatible) (All versions < V4.0.3), Mendix SAML (Mendix 10.21 compatible) (All versions < V4.1.2), Mendix SAML (Mendix 9.24 compatible) (All versions < V3.6.21). Affected versions of the module insufficiently enforce signature validation and binding checks. This could allow unauthenticated remote attackers to hijack an account in specific SSO configurations.
{
"affected": [],
"aliases": [
"CVE-2025-40758"
],
"database_specific": {
"cwe_ids": [
"CWE-347"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-08-14T15:15:36Z",
"severity": "HIGH"
},
"details": "A vulnerability has been identified in Mendix SAML (Mendix 10.12 compatible) (All versions \u003c V4.0.3), Mendix SAML (Mendix 10.21 compatible) (All versions \u003c V4.1.2), Mendix SAML (Mendix 9.24 compatible) (All versions \u003c V3.6.21). Affected versions of the module insufficiently enforce signature validation and binding checks. This could allow unauthenticated remote attackers to hijack an account in specific SSO configurations.",
"id": "GHSA-jcx5-8f6x-5fx8",
"modified": "2025-08-14T15:30:45Z",
"published": "2025-08-14T15:30:45Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-40758"
},
{
"type": "WEB",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-395458.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-JF73-G393-6JW9
Vulnerability from github – Published: 2022-05-24 19:07 – Updated: 2023-05-16 12:30kernel/module.c in the Linux kernel before 5.12.14 mishandles Signature Verification, aka CID-0c18f29aae7c. Without CONFIG_MODULE_SIG, verification that a kernel module is signed, for loading via init_module, does not occur for a module.sig_enforce=1 command-line argument.
{
"affected": [],
"aliases": [
"CVE-2021-35039"
],
"database_specific": {
"cwe_ids": [
"CWE-347"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-07-07T01:15:00Z",
"severity": "HIGH"
},
"details": "kernel/module.c in the Linux kernel before 5.12.14 mishandles Signature Verification, aka CID-0c18f29aae7c. Without CONFIG_MODULE_SIG, verification that a kernel module is signed, for loading via init_module, does not occur for a module.sig_enforce=1 command-line argument.",
"id": "GHSA-jf73-g393-6jw9",
"modified": "2023-05-16T12:30:20Z",
"published": "2022-05-24T19:07:09Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-35039"
},
{
"type": "WEB",
"url": "https://github.com/torvalds/linux/commit/0c18f29aae7ce3dadd26d8ee3505d07cc982df75"
},
{
"type": "WEB",
"url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.12.14"
},
{
"type": "WEB",
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=0c18f29aae7ce3dadd26d8ee3505d07cc982df75"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2021/10/msg00010.html"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20210813-0004"
},
{
"type": "WEB",
"url": "https://www.openwall.com/lists/oss-security/2021/07/06/3"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2021/07/06/3"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-JFC7-64V2-MR8C
Vulnerability from github – Published: 2026-06-26 19:11 – Updated: 2026-06-26 19:11Impact
The preAuthEncoding function in @sigstore/core uses Node.js 'ascii' encoding when converting the PAE (Pre-Authentication Encoding) string to bytes. This allows payloadType to be mutated after signing without invalidating the signature, breaking the type-binding guarantee that DSSE is designed to provide.
In packages/core/src/dsse.ts, the PAE function builds a string containing payloadType and then encodes it with Buffer.from(prefix, 'ascii').
In Node.js, 'ascii' encoding for string-to-Buffer is equivalent to 'latin1', which truncates characters above U+00FF to their low byte. This means for any ASCII character, there exist Unicode characters (at U+01xx, U+02xx, etc.) that produce the identical encoded byte:
| Original | Codepoint | Mutant | Codepoint | Encoded byte |
|---|---|---|---|---|
t |
U+0074 | Ŵ |
U+0174 | 0x74 |
e |
U+0065 | ť |
U+0165 | 0x65 |
An attacker can substitute every character in payloadType with a Unicode variant whose low byte matches, producing identical PAE bytes and a passing signature verification.
Additionally, payloadType.length returns the JavaScript string length (UTF-16 code units) rather than the UTF-8 byte length required by the DSSE spec, though this is only a contributing factor for non-ASCII types.
Reproduction
const { preAuthEncoding } = require('@sigstore/core/dist/dsse.js');
const payload = Buffer.from('hello world');
const original = preAuthEncoding('text/plain', payload);
// U+01xx chars whose low bytes match the original ASCII chars
const mutant = preAuthEncoding('\u0174\u0165\u0178\u0174/\u0170\u016c\u0161\u0169\u016e', payload);
console.log('PAE bytes equal:', original.equals(mutant)); // true — should be false
{
"affected": [
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 3.2.0"
},
"package": {
"ecosystem": "npm",
"name": "@sigstore/core"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.2.1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-48758"
],
"database_specific": {
"cwe_ids": [
"CWE-347"
],
"github_reviewed": true,
"github_reviewed_at": "2026-06-26T19:11:19Z",
"nvd_published_at": null,
"severity": "MODERATE"
},
"details": "### Impact\nThe `preAuthEncoding` function in `@sigstore/core` uses Node.js `\u0027ascii\u0027` encoding when converting the PAE (Pre-Authentication Encoding) string to bytes. This allows `payloadType` to be mutated after signing without invalidating the signature, breaking the type-binding guarantee that DSSE is designed to provide.\n\nIn `packages/core/src/dsse.ts`, the PAE function builds a string containing `payloadType` and then encodes it with `Buffer.from(prefix, \u0027ascii\u0027)`.\n\nIn Node.js, `\u0027ascii\u0027` encoding for string-to-Buffer is equivalent to `\u0027latin1\u0027`, which **truncates characters above U+00FF to their low byte**. This means for any ASCII character, there exist Unicode characters (at U+01xx, U+02xx, etc.) that produce the identical encoded byte:\n\n| Original | Codepoint | Mutant | Codepoint | Encoded byte |\n|----------|-----------|--------|-----------|--------------|\n| `t` | U+0074 | `\u0174` | U+0174 | `0x74` |\n| `e` | U+0065 | `\u0165` | U+0165 | `0x65` |\n\nAn attacker can substitute every character in `payloadType` with a Unicode variant whose low byte matches, producing **identical PAE bytes** and a passing signature verification.\n\nAdditionally, `payloadType.length` returns the JavaScript string length (UTF-16 code units) rather than the UTF-8 byte length required by the DSSE spec, though this is only a contributing factor for non-ASCII types.\n\n#### Reproduction\n\n```javascript\nconst { preAuthEncoding } = require(\u0027@sigstore/core/dist/dsse.js\u0027);\nconst payload = Buffer.from(\u0027hello world\u0027);\n\nconst original = preAuthEncoding(\u0027text/plain\u0027, payload);\n// U+01xx chars whose low bytes match the original ASCII chars\nconst mutant = preAuthEncoding(\u0027\\u0174\\u0165\\u0178\\u0174/\\u0170\\u016c\\u0161\\u0169\\u016e\u0027, payload);\n\nconsole.log(\u0027PAE bytes equal:\u0027, original.equals(mutant)); // true \u2014 should be false\n```",
"id": "GHSA-jfc7-64v2-mr8c",
"modified": "2026-06-26T19:11:20Z",
"published": "2026-06-26T19:11:19Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/sigstore/sigstore-js/security/advisories/GHSA-jfc7-64v2-mr8c"
},
{
"type": "PACKAGE",
"url": "https://github.com/sigstore/sigstore-js"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
"type": "CVSS_V3"
}
],
"summary": "@sigstore/core has DSSE payloadType type-binding failure"
}
GHSA-JFCQ-6QWC-XQVX
Vulnerability from github – Published: 2024-11-27 06:30 – Updated: 2026-03-06 21:30A improper verification of cryptographic signature vulnerability in plugin management in iota C.ai Conversational Platform from 1.0.0 through 2.1.3 allows remote authenticated users to load a malicious DLL via upload plugin function.
{
"affected": [],
"aliases": [
"CVE-2024-52958"
],
"database_specific": {
"cwe_ids": [
"CWE-347"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-11-27T06:15:18Z",
"severity": "CRITICAL"
},
"details": "A improper verification of cryptographic signature vulnerability in plugin management in iota C.ai Conversational Platform from 1.0.0 through 2.1.3 allows remote authenticated users to load a malicious DLL via upload plugin function.",
"id": "GHSA-jfcq-6qwc-xqvx",
"modified": "2026-03-06T21:30:30Z",
"published": "2024-11-27T06:30:39Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-52958"
},
{
"type": "WEB",
"url": "https://zuso.ai/advisory/za-2024-11"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-JFVX-RJP6-P69P
Vulnerability from github – Published: 2023-12-29 03:30 – Updated: 2023-12-29 03:30Some Honor products are affected by signature management vulnerability, successful exploitation could cause the forged system file overwrite the correct system file.
{
"affected": [],
"aliases": [
"CVE-2023-23431"
],
"database_specific": {
"cwe_ids": [
"CWE-347"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-12-29T02:15:43Z",
"severity": "HIGH"
},
"details": "\nSome Honor products are affected by signature management vulnerability, successful exploitation could cause the forged system file overwrite the correct system file.\n\n",
"id": "GHSA-jfvx-rjp6-p69p",
"modified": "2023-12-29T03:30:28Z",
"published": "2023-12-29T03:30:28Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-23431"
},
{
"type": "WEB",
"url": "https://www.hihonor.com/global/security/cve-2023-23431"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-JFX2-WJCV-V5C8
Vulnerability from github – Published: 2025-11-13 15:30 – Updated: 2025-11-13 15:30Improper verification of cryptographic signature in the installer for Zoom Workplace VDI Client for Windows may allow an authenticated user to conduct an escalation of privilege via local access.
{
"affected": [],
"aliases": [
"CVE-2025-64740"
],
"database_specific": {
"cwe_ids": [
"CWE-347"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-11-13T15:15:53Z",
"severity": "HIGH"
},
"details": "Improper verification of cryptographic signature in the installer for Zoom Workplace VDI Client for Windows may allow an authenticated user to conduct an escalation of privilege via local access.",
"id": "GHSA-jfx2-wjcv-v5c8",
"modified": "2025-11-13T15:30:31Z",
"published": "2025-11-13T15:30:31Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-64740"
},
{
"type": "WEB",
"url": "https://www.zoom.com/en/trust/security-bulletin/ZSB-25042"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-JFXM-W8G2-4RCV
Vulnerability from github – Published: 2022-05-13 01:17 – Updated: 2023-10-06 00:56A vulnerability in the Cisco node-jose open source library before 0.11.0 could allow an unauthenticated, remote attacker to re-sign tokens using a key that is embedded within the token. The vulnerability is due to node-jose following the JSON Web Signature (JWS) standard for JSON Web Tokens (JWTs). This standard specifies that a JSON Web Key (JWK) representing a public key can be embedded within the header of a JWS. This public key is then trusted for verification. An attacker could exploit this by forging valid JWS objects by removing the original signature, adding a new public key to the header, and then signing the object using the (attacker-owned) private key associated with the public key embedded in that JWS header.
{
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "node-jose"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.11.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2018-0114"
],
"database_specific": {
"cwe_ids": [
"CWE-347"
],
"github_reviewed": true,
"github_reviewed_at": "2023-07-20T18:45:54Z",
"nvd_published_at": "2018-01-04T06:29:00Z",
"severity": "HIGH"
},
"details": "A vulnerability in the Cisco node-jose open source library before 0.11.0 could allow an unauthenticated, remote attacker to re-sign tokens using a key that is embedded within the token. The vulnerability is due to node-jose following the JSON Web Signature (JWS) standard for JSON Web Tokens (JWTs). This standard specifies that a JSON Web Key (JWK) representing a public key can be embedded within the header of a JWS. This public key is then trusted for verification. An attacker could exploit this by forging valid JWS objects by removing the original signature, adding a new public key to the header, and then signing the object using the (attacker-owned) private key associated with the public key embedded in that JWS header.",
"id": "GHSA-jfxm-w8g2-4rcv",
"modified": "2023-10-06T00:56:10Z",
"published": "2022-05-13T01:17:32Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-0114"
},
{
"type": "PACKAGE",
"url": "https://github.com/cisco/node-jose"
},
{
"type": "WEB",
"url": "https://github.com/cisco/node-jose/blob/master/CHANGELOG.md"
},
{
"type": "WEB",
"url": "https://github.com/zi0Black/POC-CVE-2018-0114"
},
{
"type": "WEB",
"url": "https://tools.cisco.com/security/center/viewAlert.x?alertId=56326"
},
{
"type": "WEB",
"url": "https://web.archive.org/web/20210124130907/http://www.securityfocus.com/bid/102445"
},
{
"type": "WEB",
"url": "https://www.exploit-db.com/exploits/44324"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
}
],
"summary": "Cisco node-jose improper validation of JWT signature"
}
No mitigation information available for this CWE.
CAPEC-463: Padding Oracle Crypto Attack
An adversary is able to efficiently decrypt data without knowing the decryption key if a target system leaks data on whether or not a padding error happened while decrypting the ciphertext. A target system that leaks this type of information becomes the padding oracle and an adversary is able to make use of that oracle to efficiently decrypt data without knowing the decryption key by issuing on average 128*b calls to the padding oracle (where b is the number of bytes in the ciphertext block). In addition to performing decryption, an adversary is also able to produce valid ciphertexts (i.e., perform encryption) by using the padding oracle, all without knowing the encryption key.
CAPEC-475: Signature Spoofing by Improper Validation
An adversary exploits a cryptographic weakness in the signature verification algorithm implementation to generate a valid signature without knowing the key.