3 matches found
CVE-2026-22866 ENS DNSSEC Oracle Vulnerable to RSA Signature Forgery via Missing PKCS#1 v1.5 Padding Validation
Ethereum Name Service ENS is a distributed, open, and extensible naming system based on the Ethereum blockchain. In versions 1.6.2 and prior, the RSASHA256Algorithm and RSASHA1Algorithm contracts fail to validate PKCS1 v1.5 padding structure when verifying RSA signatures. The contracts only check...
PT-2026-21935
Name of the Vulnerable Software and Affected Versions Ethereum Name Service ENS versions 1.6.2 and prior Description The RSASHA256Algorithm and RSASHA1Algorithm contracts do not properly validate PKCS1 v1.5 padding when verifying RSA signatures. The contracts only verify the final 32 or 20 bytes ...
Skyliner: DNSSEC misconfiguration
First of all I will start with some theory. DNS is a system to translate a domain name to an ip address. Normally a computer automatically trust a DNS server and connects to the IP provided by the DNS server. This is prone to security issues because a malicious wifi network, an attacker on your...