DO NOT REPLY [Bug 47526] New: XML signature HMAC truncation authentication bypass

bugzilla Tue, 14 Jul 2009 11:35:51 -0700

https://issues.apache.org/bugzilla/show_bug.cgi?id=47526


           Summary: XML signature HMAC truncation authentication bypass
           Product: Security
           Version: Java 1.4.2
          Platform: All
        OS/Version: All
            Status: NEW
          Severity: critical
          Priority: P1
         Component: Signature
        AssignedTo: security-dev@xml.apache.org
        ReportedBy: sean.mul...@sun.com


Apache XML Security (Java) is affected by the vulnerability published in
US-Cert VU #466161. See: http://www.kb.cert.org/vuls/id/466161 for more
information. This bug can allow an attacker to bypass authentication by
inserting/modifying a small HMAC truncation length parameter in the XML
Signature HMAC based SignatureMethod algorithms.

-- 
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

DO NOT REPLY [Bug 47526] New: XML signature HMAC truncation authentication bypass

Reply via email to