hello all,
I would like to know if wss4j is vulnerable to naive sign and encrypt trick, because according to
http://world.std.com/~dtd/sign_encrypt/sign_encrypt7.html
approximately, if Alice send a signed message to bob, can bob send the
same message to charlie signed with alice signature (that it have
receive), and thus make believe charlie that it is Alice which have
send the message
Also, would like to know youre response to http://neubia.com/archives/000363.html
,is wss4j immune against such tricks.
thank you alot.
--
Anass Merzak
- is wss4j vulnerable to naive sign and encrypt anass merzak
- Re: is wss4j vulnerable to naive sign and encrypt Ruchith Fernando
