GHSA-X3M8-899R-F7C3 xml-crypto Vulnerable to XML Signature Verification Bypass via DigestValue Comment

Impact An attacker may be able to exploit this vulnerability to bypass authentication or authorization mechanisms in systems that rely on xml-crypto for verifying signed XML documents. The vulnerability allows an attacker to modify a valid signed XML message in a way that still passes signature...

CVE-2023-49087 Validation of SignedInfo

xml-security is a library that implements XML signatures and encryption. Validation of an XML signature requires verification that the hash value of the related XML-document matches a specific DigestValue-value, but also that the cryptographic signature on the SignedInfo-tree the one that contain...

xml-security Data Forgery Issue Vulnerability

xml-security is SimpleSAMLphp open source library. xml-security version 1.6.11, saml2 5.0.0-alpha.13 version of the data forgery problem vulnerability , the vulnerability stems from the XML signature validation needs to verify that the hash value of the XML document in question matches a specific...

Validation of SignedInfo

Validation of an XML Signature requires verification that the hash value of the related XML-document after any optional transformations and/or normalizations matches a specific DigestValue-value, but also that the cryptografic signature on the SignedInfo-tree the one that contains the DigestValue...

PT-2023-8931 · Php +1 · Php +1

Name of the Vulnerable Software and Affected Versions: simplesamlphp/xml-security versions prior to 1.6.12 simplesamlphp/xml-security versions prior to 5.0.0-alpha.13 Description: The issue is related to insufficient validation of XML signatures, which could allow a remote attacker to forge SAML...