CWE-347
AllowedImproper Verification of Cryptographic Signature
Abstraction: Base · Status: Draft
The product does not verify, or incorrectly verifies, the cryptographic signature for data.
1128 vulnerabilities reference this CWE, most recent first.
GHSA-63V5-26VQ-M4VM
Vulnerability from github – Published: 2026-01-26 21:30 – Updated: 2026-03-06 00:31A flaw was found in Keycloak's SAML brokering functionality. When Keycloak is configured as a client in a Security Assertion Markup Language (SAML) setup, it fails to validate the NotOnOrAfter timestamp within the SubjectConfirmationData. This allows an attacker to delay the expiration of SAML responses, potentially extending the time a response is considered valid and leading to unexpected session durations or resource consumption.
{
"affected": [
{
"package": {
"ecosystem": "Maven",
"name": "org.keycloak:keycloak-services"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "26.5.2"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-1190"
],
"database_specific": {
"cwe_ids": [
"CWE-112",
"CWE-347",
"CWE-613"
],
"github_reviewed": true,
"github_reviewed_at": "2026-01-27T21:56:13Z",
"nvd_published_at": "2026-01-26T20:16:09Z",
"severity": "LOW"
},
"details": "A flaw was found in Keycloak\u0027s SAML brokering functionality. When Keycloak is configured as a client in a Security Assertion Markup Language (SAML) setup, it fails to validate the `NotOnOrAfter` timestamp within the `SubjectConfirmationData`. This allows an attacker to delay the expiration of SAML responses, potentially extending the time a response is considered valid and leading to unexpected session durations or resource consumption.",
"id": "GHSA-63v5-26vq-m4vm",
"modified": "2026-03-06T00:31:28Z",
"published": "2026-01-26T21:30:36Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1190"
},
{
"type": "WEB",
"url": "https://github.com/keycloak/keycloak/issues/45646"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:3947"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:3948"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/CVE-2026-1190"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430835"
},
{
"type": "WEB",
"url": "https://github.com/keycloak/keycloak"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N",
"type": "CVSS_V3"
}
],
"summary": "Keycloak\u0027s missing timestamp validation allows attackers to extend SAML response validity periods"
}
GHSA-64JX-M9PQ-GR8C
Vulnerability from github – Published: 2024-03-19 18:32 – Updated: 2024-05-22 18:30A flaw was found in osbuild-composer. A condition can be triggered that disables GPG verification for package repositories, which can expose the build phase to a Man-in-the-Middle attack, allowing untrusted code to be installed into an image being built.
{
"affected": [],
"aliases": [
"CVE-2024-2307"
],
"database_specific": {
"cwe_ids": [
"CWE-347"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-03-19T17:15:12Z",
"severity": "MODERATE"
},
"details": "A flaw was found in osbuild-composer. A condition can be triggered that disables GPG verification for package repositories, which can expose the build phase to a Man-in-the-Middle attack, allowing untrusted code to be installed into an image being built.",
"id": "GHSA-64jx-m9pq-gr8c",
"modified": "2024-05-22T18:30:39Z",
"published": "2024-03-19T18:32:02Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-2307"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2024:2119"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2024:2961"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/CVE-2024-2307"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2268513"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-66XJ-V6XW-92V4
Vulnerability from github – Published: 2022-05-13 01:27 – Updated: 2022-05-13 01:27The rsa_pss_params_parse function in libstrongswan/credentials/keys/signature_params.c in strongSwan 5.6.1 allows remote attackers to cause a denial of service via a crafted RSASSA-PSS signature that lacks a mask generation function parameter.
{
"affected": [],
"aliases": [
"CVE-2018-6459"
],
"database_specific": {
"cwe_ids": [
"CWE-347"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-02-20T15:29:00Z",
"severity": "MODERATE"
},
"details": "The rsa_pss_params_parse function in libstrongswan/credentials/keys/signature_params.c in strongSwan 5.6.1 allows remote attackers to cause a denial of service via a crafted RSASSA-PSS signature that lacks a mask generation function parameter.",
"id": "GHSA-66xj-v6xw-92v4",
"modified": "2022-05-13T01:27:32Z",
"published": "2022-05-13T01:27:32Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-6459"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/201811-16"
},
{
"type": "WEB",
"url": "https://www.strongswan.org/blog/2018/02/19/strongswan-vulnerability-(cve-2018-6459).html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00047.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-685J-342H-QP93
Vulnerability from github – Published: 2022-05-24 16:52 – Updated: 2024-04-04 01:30cPanel before 67.9999.103 does not enforce SSL hostname verification for the support-agreement download (SEC-279).
{
"affected": [],
"aliases": [
"CVE-2017-18407"
],
"database_specific": {
"cwe_ids": [
"CWE-347"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-08-02T14:15:00Z",
"severity": "MODERATE"
},
"details": "cPanel before 67.9999.103 does not enforce SSL hostname verification for the support-agreement download (SEC-279).",
"id": "GHSA-685j-342h-qp93",
"modified": "2024-04-04T01:30:25Z",
"published": "2022-05-24T16:52:14Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-18407"
},
{
"type": "WEB",
"url": "https://documentation.cpanel.net/display/CL/68+Change+Log"
},
{
"type": "WEB",
"url": "https://news.cpanel.com/cpanel-tsr-2017-0005-full-disclosure"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-69Q5-VHM6-656F
Vulnerability from github – Published: 2026-06-26 00:32 – Updated: 2026-06-27 21:30PKCS7_verify signer confusion allows forged signatures, where the signer associated with a signature is not correctly bound, permitting a forged signature to be accepted.
{
"affected": [],
"aliases": [
"CVE-2026-7511"
],
"database_specific": {
"cwe_ids": [
"CWE-347"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-06-25T22:17:03Z",
"severity": "MODERATE"
},
"details": "PKCS7_verify signer confusion allows forged signatures, where the signer associated with a signature is not correctly bound, permitting a forged signature to be accepted.",
"id": "GHSA-69q5-vhm6-656f",
"modified": "2026-06-27T21:30:28Z",
"published": "2026-06-26T00:32:06Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7511"
},
{
"type": "WEB",
"url": "https://github.com/wolfSSL/wolfssl/pull/10203"
},
{
"type": "WEB",
"url": "https://www.wolfssl.com/docs/security-vulnerabilities"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:A/AC:H/AT:P/PR:N/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-69X3-G4R3-P962
Vulnerability from github – Published: 2026-02-06 20:05 – Updated: 2026-02-07 00:33Impact
When using P256 certificates (which is not the default configuration), it is possible to evade a blocklist entry created against the fingerprint of a certificate by using ECDSA Signature Malleability to use a copy of the certificate with a different fingerprint.
In order for this to affect a user or network, all of the following must be true:
* CURVE_P256 certificates are being used
* There are one or more entries on the blocklist
* The certificates for those entries are signed by a trusted CA and not expired
* An attacker has a copy of the private key, and corresponding certificate, for one of those blocklist entries
Patches
See attached
Workarounds
If full copies of each certificate on the existing blocklist are available, it is possible to compute their opposite-chirality signature, and then the appropriate second fingerprint to list in the blocklist.
Rotating out all CAs that have signed hosts on the blocklist will also prevent exploitation of this vulnerability.
{
"affected": [
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 1.10.2"
},
"package": {
"ecosystem": "Go",
"name": "github.com/slackhq/nebula"
},
"ranges": [
{
"events": [
{
"introduced": "1.7.0"
},
{
"fixed": "1.10.3"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-25793"
],
"database_specific": {
"cwe_ids": [
"CWE-347"
],
"github_reviewed": true,
"github_reviewed_at": "2026-02-06T20:05:35Z",
"nvd_published_at": "2026-02-06T23:15:54Z",
"severity": "HIGH"
},
"details": "### Impact\n\nWhen using P256 certificates (which is not the default configuration), it is possible to evade a blocklist entry created against the fingerprint of a certificate by using ECDSA Signature Malleability to use a copy of the certificate with a different fingerprint.\n\nIn order for this to affect a user or network, all of the following must be true:\n* `CURVE_P256` certificates are being used\n* There are one or more entries on the blocklist\n* The certificates for those entries are signed by a trusted CA and not expired\n* An attacker has a copy of the private key, and corresponding certificate, for one of those blocklist entries\n\n### Patches\n\nSee attached\n\n### Workarounds\n\nIf full copies of each certificate on the existing blocklist are available, it is possible to compute their opposite-chirality signature, and then the appropriate second fingerprint to list in the blocklist.\n\nRotating out all CAs that have signed hosts on the blocklist will also prevent exploitation of this vulnerability.",
"id": "GHSA-69x3-g4r3-p962",
"modified": "2026-02-07T00:33:38Z",
"published": "2026-02-06T20:05:35Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/slackhq/nebula/security/advisories/GHSA-69x3-g4r3-p962"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25793"
},
{
"type": "WEB",
"url": "https://github.com/slackhq/nebula/commit/f573e8a26695278f9d71587390fbfe0d0933aa21"
},
{
"type": "PACKAGE",
"url": "https://github.com/slackhq/nebula"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "Blocklist Bypass possible via ECDSA Signature Malleability"
}
GHSA-6CGH-HJPW-Q3GQ
Vulnerability from github – Published: 2021-07-02 19:20 – Updated: 2021-07-02 18:25The Utils.readChallengeTx function used in SEP-10 Stellar Web Authentication states in its function documentation that it reads and validates the challenge transaction including verifying that the serverAccountID has signed the transaction. The function does not verify that the server has signed the transaction and has been fixed so that it does in v8.2.3.
Applications that also used Utils.verifyChallengeTxThreshold or Utils.verifyChallengeTxSigners to verify the signatures including the server signature on the challenge transaction are unaffected as those functions verify the server signed the transaction.
Applications calling Utils.readChallengeTx should update to v8.2.3 to ensure that the challenge transaction is completely valid and signed by the server creating the challenge transaction.
{
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "stellar-sdk"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.2.3"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2021-32738"
],
"database_specific": {
"cwe_ids": [
"CWE-287",
"CWE-347"
],
"github_reviewed": true,
"github_reviewed_at": "2021-07-02T18:25:08Z",
"nvd_published_at": "2021-07-02T19:15:00Z",
"severity": "MODERATE"
},
"details": "The `Utils.readChallengeTx` function used in [SEP-10 Stellar Web Authentication](https://github.com/stellar/stellar-protocol/blob/master/ecosystem/sep-0010.md) states in its function documentation that it reads and validates the challenge transaction including verifying that the `serverAccountID` has signed the transaction. The function does not verify that the server has signed the transaction and has been fixed so that it does in v8.2.3.\n\nApplications that also used `Utils.verifyChallengeTxThreshold` or `Utils.verifyChallengeTxSigners` to verify the signatures including the server signature on the challenge transaction are unaffected as those functions verify the server signed the transaction.\n\nApplications calling `Utils.readChallengeTx` should update to v8.2.3 to ensure that the challenge transaction is completely valid and signed by the server creating the challenge transaction.",
"id": "GHSA-6cgh-hjpw-q3gq",
"modified": "2021-07-02T18:25:08Z",
"published": "2021-07-02T19:20:33Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/stellar/js-stellar-sdk/security/advisories/GHSA-6cgh-hjpw-q3gq"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-32738"
},
{
"type": "WEB",
"url": "https://github.com/stellar/js-stellar-sdk/commit/6f0bb889c2d10b431ddd5f4a1bcdd519c80430b3"
},
{
"type": "WEB",
"url": "https://github.com/stellar/js-stellar-sdk/releases/tag/v8.2.3"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
}
],
"summary": "Utils.readChallengeTx does not verify the server account signature"
}
GHSA-6FC2-JR2C-4P94
Vulnerability from github – Published: 2024-07-08 18:31 – Updated: 2025-11-04 18:31A firmware update vulnerability exists in the boa formUpload functionality of Realtek rtl819x Jungle SDK v3.4.11. A specially crafted network packets can lead to arbitrary firmware update. An attacker can provide a malicious file to trigger this vulnerability.
{
"affected": [],
"aliases": [
"CVE-2023-34435"
],
"database_specific": {
"cwe_ids": [
"CWE-347"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-07-08T16:15:02Z",
"severity": "HIGH"
},
"details": "A firmware update vulnerability exists in the boa formUpload functionality of Realtek rtl819x Jungle SDK v3.4.11. A specially crafted network packets can lead to arbitrary firmware update. An attacker can provide a malicious file to trigger this vulnerability.",
"id": "GHSA-6fc2-jr2c-4p94",
"modified": "2025-11-04T18:31:06Z",
"published": "2024-07-08T18:31:17Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-34435"
},
{
"type": "WEB",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1874"
},
{
"type": "WEB",
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1874"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-6FWH-897J-M5CJ
Vulnerability from github – Published: 2022-04-30 18:21 – Updated: 2024-02-08 21:30Cisco IOS software 11.3 through 12.2 running on Cisco uBR7200 and uBR7100 series Universal Broadband Routers allows remote attackers to modify Data Over Cable Service Interface Specification (DOCSIS) settings via a DOCSIS file without a Message Integrity Check (MIC) signature, which is approved by the router.
{
"affected": [],
"aliases": [
"CVE-2002-1706"
],
"database_specific": {
"cwe_ids": [
"CWE-347"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2002-12-31T05:00:00Z",
"severity": "MODERATE"
},
"details": "Cisco IOS software 11.3 through 12.2 running on Cisco uBR7200 and uBR7100 series Universal Broadband Routers allows remote attackers to modify Data Over Cable Service Interface Specification (DOCSIS) settings via a DOCSIS file without a Message Integrity Check (MIC) signature, which is approved by the router.",
"id": "GHSA-6fwh-897j-m5cj",
"modified": "2024-02-08T21:30:29Z",
"published": "2022-04-30T18:21:42Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2002-1706"
},
{
"type": "WEB",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/9368"
},
{
"type": "WEB",
"url": "http://www.cisco.com/warp/public/707/cmts-MD5-bypass-pub.shtml"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/5041"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-6G3C-2MH5-7Q6X
Vulnerability from github – Published: 2021-04-19 14:56 – Updated: 2023-09-25 16:03Impact
Portofino is an open source web development framework. Portofino before version 5.2.1 did not properly verify the signature of JSON Web Tokens. This allows forging a valid JWT.
Patches
The issue will be patched in the upcoming 5.2.1 release.
For more information
If you have any questions or comments about this advisory: * Open an issue in https://github.com/ManyDesigns/Portofino
{
"affected": [
{
"package": {
"ecosystem": "Maven",
"name": "com.manydesigns:portofino-dispatcher"
},
"ranges": [
{
"events": [
{
"introduced": "5.0.0"
},
{
"fixed": "5.2.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "com.manydesigns:portofino-core"
},
"ranges": [
{
"events": [
{
"introduced": "5.0.0"
},
{
"fixed": "5.2.1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2021-29451"
],
"database_specific": {
"cwe_ids": [
"CWE-347"
],
"github_reviewed": true,
"github_reviewed_at": "2021-04-16T22:57:13Z",
"nvd_published_at": "2021-04-16T22:15:00Z",
"severity": "CRITICAL"
},
"details": "### Impact\n[Portofino](https://github.com/ManyDesigns/Portofino) is an open source web development framework. Portofino before version 5.2.1 did not properly verify the signature of JSON Web Tokens.\nThis allows forging a valid JWT.\n\n### Patches\nThe issue will be patched in the upcoming 5.2.1 release.\n\n### For more information\nIf you have any questions or comments about this advisory:\n* Open an issue in [https://github.com/ManyDesigns/Portofino](https://github.com/ManyDesigns/Portofino)",
"id": "GHSA-6g3c-2mh5-7q6x",
"modified": "2023-09-25T16:03:47Z",
"published": "2021-04-19T14:56:33Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/ManyDesigns/Portofino/security/advisories/GHSA-6g3c-2mh5-7q6x"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-29451"
},
{
"type": "WEB",
"url": "https://github.com/ManyDesigns/Portofino/commit/8c754a0ad234555e813dcbf9e57d637f9f23d8fb"
},
{
"type": "WEB",
"url": "https://mvnrepository.com/artifact/com.manydesigns/portofino"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"type": "CVSS_V3"
}
],
"summary": "Missing validation of JWT signature in `ManyDesigns/Portofino`"
}
No mitigation information available for this CWE.
CAPEC-463: Padding Oracle Crypto Attack
An adversary is able to efficiently decrypt data without knowing the decryption key if a target system leaks data on whether or not a padding error happened while decrypting the ciphertext. A target system that leaks this type of information becomes the padding oracle and an adversary is able to make use of that oracle to efficiently decrypt data without knowing the decryption key by issuing on average 128*b calls to the padding oracle (where b is the number of bytes in the ciphertext block). In addition to performing decryption, an adversary is also able to produce valid ciphertexts (i.e., perform encryption) by using the padding oracle, all without knowing the encryption key.
CAPEC-475: Signature Spoofing by Improper Validation
An adversary exploits a cryptographic weakness in the signature verification algorithm implementation to generate a valid signature without knowing the key.