3 matches found
CVE-2025-47934 OpenPGP.js's message signature verification can be spoofed
OpenPGP.js is a JavaScript implementation of the OpenPGP protocol. Startinf in version 5.0.1 and prior to versions 5.11.3 and 6.1.1, a maliciously modified message can be passed to either openpgp.verify or openpgp.decrypt, causing these functions to return a valid signature verification result...
CVE-2019-11841
A message-forgery issue was discovered in crypto/openpgp/clearsign/clearsign.go in supplementary Go cryptography libraries 2019-03-25. According to the OpenPGP Message Format specification in RFC 4880 chapter 7, a cleartext signed message can contain one or more optional "Hash" Armor Headers. The...
CVE-2016-9955
The CVE-2016-9955 issue affects SimpleSAMLphp up to version 1.14.10 via the SimpleSAML_XML_Validator constructor. Affected component: SimpleSAML_XML_Validator in SimpleSAMLphp; root cause: improper conversion of return values to boolean in signature validation, allowing an attacker to spoof signa...