Carbon 1.5.1 : Security Hot fix for XML signature HMAC truncation authentication bypass


by Prabath Siriwardena-2


The XML Signature specification allows for HMAC truncation, which may
allow a remote attacker to bypass authentication.

This issue was disclosed to the public a few minutes ago [1].

If you are a Carbon 1.5.1 base product user, please apply the security
fix available at [2].

Also please note that this issue is *NOT* present in Carbon 2.0.0 base
releases done recently.

Thanks & regards.
-Prabath

[1]: http://www.kb.cert.org/vuls/id/466161
[2]: http://dist.wso2.org/products/carbon/1.5.1/service_pack/WSO2-CARBON-1.5.1-SERVICE-PACK-1.zip
[3]: https://www.wso2.org/downloads/carbon/security_hot_fix



_______________________________________________
Esb-java-user mailing list
Esb-java-user@...
https://wso2.org/cgi-bin/mailman/listinfo/esb-java-user
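
The check that closes the truncation issue described in the message above, as an added example that is not part of the original post and is not WSO2's fix: before verifying an HMAC-based XML signature, reject any `HMACOutputLength` below the larger of 80 bits and half the hash output, which is the bound the W3C XML Signature specification now requires. The names `check_hmac_output_length` and `_sig` are hypothetical, and the sample documents are constructed.

```python
import xml.etree.ElementTree as ET

DSIG = "http://www.w3.org/2000/09/xmldsig#"
MORE = "http://www.w3.org/2001/04/xmldsig-more#"
# Output size in bits of the hash behind each HMAC SignatureMethod URI.
HMAC_BITS = {
    DSIG + "hmac-sha1": 160,
    MORE + "hmac-sha256": 256,
    MORE + "hmac-sha384": 384,
    MORE + "hmac-sha512": 512,
}


def check_hmac_output_length(signature_xml):
    """Return (ok, reason); ok is False if any HMAC truncation is too short."""
    # For untrusted input, parse with a hardened XML parser (e.g. defusedxml).
    root = ET.fromstring(signature_xml)
    for method in root.iter("{%s}SignatureMethod" % DSIG):
        alg = method.get("Algorithm", "")
        if alg not in HMAC_BITS:
            continue  # not an HMAC signature, nothing to check here
        elem = method.find("{%s}HMACOutputLength" % DSIG)
        if elem is None:
            continue  # no truncation requested, the full MAC is compared
        text = (elem.text or "").strip()
        if not (text.isascii() and text.isdigit()):
            return False, "HMACOutputLength is not a non-negative integer"
        bits, full = int(text), HMAC_BITS[alg]
        minimum = max(80, full // 2)
        if bits < minimum or bits > full:
            return False, "HMACOutputLength %d outside [%d, %d]" % (
                bits, minimum, full)
    return True, "ok"


def _sig(alg, length=None):
    """Build a constructed, minimal Signature skeleton for the check."""
    inner = ("" if length is None
             else "<HMACOutputLength>%s</HMACOutputLength>" % length)
    return ('<Signature xmlns="%s"><SignedInfo>'
            '<SignatureMethod Algorithm="%s">%s</SignatureMethod>'
            '</SignedInfo></Signature>' % (DSIG, alg, inner))


if __name__ == "__main__":
    for length in (None, 0, 8, 80, 160):
        print(length, check_hmac_output_length(_sig(DSIG + "hmac-sha1", length)))
```

The check must run before the MAC comparison, so that a verifier never compares only the number of bits the sender asked for.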