Improper Key Verification

xml-crypto is vulnerable to improper key verification. An attacker can inject an HMAC-SHA1 signature that is valid using only knowledge of the RSA public key. This allows bypassing signature validation...

Improper Key Verification

Overview Versions 0.1.1 or 0.1.2 of ipns are vulnerable to improper key validation. This is due to the public key verification was not being performed properly, resulting in any key being valid. Recommendation Update to version 0.1.3 or later. References -...