36 matches found
Incorrect Implementation of Authentication Algorithm
Overview signxml is a Python XML Signature and XAdES library Affected versions of this package are vulnerable to Incorrect Implementation of Authentication Algorithm due to the improper handling of signature verification settings when requirex509 is set to false and hmackey is specified. An...
alertwise (=1.0.0) potentially affected by CVE-2025-48994 via signxml (=4.0.2)
signxml PYPI version =4.0.2 is affected by a known vulnerability. The following packages have a transitive dependency on signxml and may be impacted: - alertwise =1.0.0 Source cves: CVE-2025-48994 Source advisory: SNYK:PYTHON-SIGNXML-10303863...
CVE-2025-48995 SignXML's signature verification with HMAC is vulnerable to a timing attack
SignXML is an implementation of the W3C XML Signature standard in Python. When verifying signatures with X509 certificate validation turned off and HMAC shared secret set signxml.XMLVerifier.verifyrequirex509=False, hmackey=..., versions of SignXML prior to 4.0.4 are vulnerable to a potential...
CVE-2025-48995 SignXML's signature verification with HMAC is vulnerable to a timing attack
SignXML is an implementation of the W3C XML Signature standard in Python. When verifying signatures with X509 certificate validation turned off and HMAC shared secret set signxml.XMLVerifier.verifyrequirex509=False, hmackey=..., versions of SignXML prior to 4.0.4 are vulnerable to a potential...
CVE-2025-48995
CVE-2025-48995 affects SignXML (Python implementation of W3C XML Signature) prior to 4.0.4. When verify() is called with require_x509=False and an HMAC secret (hmac_key=...), the timing-based vulnerability may leak information about the correct HMAC during the comparison, enabling reconstruction ...
CVE-2025-48995
SignXML is an implementation of the W3C XML Signature standard in Python. When verifying signatures with X509 certificate validation turned off and HMAC shared secret set signxml.XMLVerifier.verifyrequirex509=False, hmackey=..., versions of SignXML prior to 4.0.4 are vulnerable to a potential...
CVE-2025-48995 SignXML's signature verification with HMAC is vulnerable to a timing attack
SignXML is an implementation of the W3C XML Signature standard in Python. When verifying signatures with X509 certificate validation turned off and HMAC shared secret set signxml.XMLVerifier.verifyrequirex509=False, hmackey=..., versions of SignXML prior to 4.0.4 are vulnerable to a potential...
CVE-2025-48994 SignXML's signature verification with HMAC is vulnerable to an algorithm confusion attack
SignXML is an implementation of the W3C XML Signature standard in Python. When verifying signatures with X509 certificate validation turned off and HMAC shared secret set signxml.XMLVerifier.verifyrequirex509=False, hmackey=..., versions of SignXML prior to 4.0.4 are vulnerable to a potential...
CVE-2025-48994 SignXML's signature verification with HMAC is vulnerable to an algorithm confusion attack
SignXML is an implementation of the W3C XML Signature standard in Python. When verifying signatures with X509 certificate validation turned off and HMAC shared secret set signxml.XMLVerifier.verifyrequirex509=False, hmackey=..., versions of SignXML prior to 4.0.4 are vulnerable to a potential...
CVE-2025-48994
SignXML (Python) prior to 4.0.4 is vulnerable to an algorithm confusion attack when verifying signatures with require_x509=False and hmac_key is set, allowing an attacker to forge a signature under a different algorithm if the expected signature algorithms are not restricted (verify(expect_config...
CVE-2025-48994 SignXML's signature verification with HMAC is vulnerable to an algorithm confusion attack
SignXML is an implementation of the W3C XML Signature standard in Python. When verifying signatures with X509 certificate validation turned off and HMAC shared secret set signxml.XMLVerifier.verifyrequirex509=False, hmackey=..., versions of SignXML prior to 4.0.4 are vulnerable to a potential...
CVE-2025-48994
SignXML is an implementation of the W3C XML Signature standard in Python. When verifying signatures with X509 certificate validation turned off and HMAC shared secret set signxml.XMLVerifier.verifyrequirex509=False, hmackey=..., versions of SignXML prior to 4.0.4 are vulnerable to a potential...
SignXML 安全漏洞
SignXML is an open source XML signing and XAdES library for Python from XML-Security. A security vulnerability exists in SignXML versions prior to 4.0.4, which stems from a timing attack flaw that could lead to HMAC key disclosure...
PT-2025-23540 · Signxml · Signxml
Name of the Vulnerable Software and Affected Versions: SignXML versions prior to 4.0.4 Description: The issue concerns a potential timing attack when verifying signatures with X509 certificate validation turned off and HMAC shared secret set. This could allow users to reconstruct the correct HMAC...
PT-2025-23537 · Signxml · Signxml
Name of the Vulnerable Software and Affected Versions: SignXML versions prior to 4.0.4 Description: The issue concerns a potential algorithm confusion attack when verifying signatures with X509 certificate validation turned off and HMAC shared secret set. This could allow an attacker to supply a...
SignXML 安全漏洞
SignXML is an open source XML signing and XAdES library for Python from XML-Security. A security vulnerability exists in SignXML versions prior to 4.0.4, which stems from an algorithm obfuscation flaw that could lead to the use of unintended keys to verify signatures...