|

»

Apache XML - Security - Dev

DO NOT REPLY [Bug 47527] New: XML signature HMAC truncation authentication bypass

View: New views

3 Messages — Rating Filter: Alert me

	DO NOT REPLY [Bug 47527] New: XML signature HMAC truncation authentication bypass by Bugzilla from bugzilla@apache.org :: Rate this Message: Reply to Author \| View Threaded \| Show Only this Message https://issues.apache.org/bugzilla/show_bug.cgi?id=47527 Summary: XML signature HMAC truncation authentication bypass Product: Security Version: C++ 1.5.0 Platform: All URL: http://www.kb.cert.org/vuls/id/466161 OS/Version: All Status: NEW Severity: blocker Priority: P1 Component: C++ Signature AssignedTo: security-dev@... ReportedBy: cantor.2@... Apache XML Security (C++) is affected by the vulnerability published in US-Cert VU #466161. See: http://www.kb.cert.org/vuls/id/466161 for more information. This bug can allow an attacker to bypass authentication by inserting/modifying a small HMAC truncation length parameter in the XML Signature HMAC based SignatureMethod algorithms. -- Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the assignee for the bug.
	DO NOT REPLY [Bug 47527] XML signature HMAC truncation authentication bypass by Bugzilla from bugzilla@apache.org :: Rate this Message: Reply to Author \| View Threaded \| Show Only this Message https://issues.apache.org/bugzilla/show_bug.cgi?id=47527 Scott Cantor <cantor.2@...> changed: What \|Removed \|Added ---------------------------------------------------------------------------- Status\|NEW \|RESOLVED Resolution\| \|FIXED --- Comment #1 from Scott Cantor <cantor.2@...> 2009-07-14 12:04:35 PST --- Fix in svn, will be released in 1.5.1. -- Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the assignee for the bug.
	DO NOT REPLY [Bug 47527] XML signature HMAC truncation authentication bypass by Bugzilla from bugzilla@apache.org :: Rate this Message: Reply to Author \| View Threaded \| Show Only this Message https://issues.apache.org/bugzilla/show_bug.cgi?id=47527 Scott Cantor <cantor.2@...> changed: What \|Removed \|Added ---------------------------------------------------------------------------- Status\|RESOLVED \|CLOSED -- Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the assignee for the bug.