3 matches found
CVE-2025-48995 SignXML's signature verification with HMAC is vulnerable to a timing attack
SignXML is an implementation of the W3C XML Signature standard in Python. When verifying signatures with X509 certificate validation turned off and HMAC shared secret set (signxml.XMLVerifier.verify(require_x509=False, hmac_key=...)), versions of SignXML prior to 4.0.4 are vulnerable to a potential...
PT-2025-23537 · Signxml · Signxml
Name of the Vulnerable Software and Affected Versions: SignXML versions prior to 4.0.4
Description: The issue concerns a potential algorithm confusion attack when verifying signatures with X509 certificate validation turned off and HMAC shared secret set. This could allow an attacker to supply a...
PT-2025-23540 · Signxml · Signxml
Name of the Vulnerable Software and Affected Versions: SignXML versions prior to 4.0.4
Description: The issue concerns a potential timing attack when verifying signatures with X509 certificate validation turned off and HMAC shared secret set. This could allow users to reconstruct the correct HMAC...