DO NOT REPLY [Bug 47527] New: XML signature HMAC truncation authentication bypass

bugzilla Tue, 14 Jul 2009 12:00:07 -0700

https://issues.apache.org/bugzilla/show_bug.cgi?id=47527


           Summary: XML signature HMAC truncation authentication bypass
           Product: Security
           Version: C++ 1.5.0
          Platform: All
               URL: http://www.kb.cert.org/vuls/id/466161
        OS/Version: All
            Status: NEW
          Severity: blocker
          Priority: P1
         Component: C++ Signature
        AssignedTo: security-dev@xml.apache.org
        ReportedBy: canto...@osu.edu


Apache XML Security (C++) is affected by the vulnerability published in US-Cert
VU #466161. See: http://www.kb.cert.org/vuls/id/466161 for more information.
This bug can allow an attacker to bypass authentication by inserting/modifying
a small HMAC truncation length parameter in the XML Signature HMAC based
SignatureMethod algorithms.

-- 
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

DO NOT REPLY [Bug 47527] New: XML signature HMAC truncation authentication bypass

Reply via email to