CWE-347
AllowedImproper Verification of Cryptographic Signature
Abstraction: Base · Status: Draft
The product does not verify, or incorrectly verifies, the cryptographic signature for data.
1128 vulnerabilities reference this CWE, most recent first.
GHSA-7FPJ-9HR8-28VH
Vulnerability from github – Published: 2024-04-17 18:25 – Updated: 2024-11-18 17:28Keycloak was found to not properly enforce token types when validating signatures locally. An authenticated attacker could use this flaw to exchange a logout token for an access token and possibly gain access to data outside of enforced permissions.
{
"affected": [
{
"package": {
"ecosystem": "Maven",
"name": "org.keycloak:keycloak-services"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "22.0.10"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "org.keycloak:keycloak-services"
},
"ranges": [
{
"events": [
{
"introduced": "23.0.0"
},
{
"fixed": "24.0.3"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2023-0657"
],
"database_specific": {
"cwe_ids": [
"CWE-273",
"CWE-284",
"CWE-287",
"CWE-290",
"CWE-347"
],
"github_reviewed": true,
"github_reviewed_at": "2024-04-17T18:25:59Z",
"nvd_published_at": "2024-11-17T11:15:05Z",
"severity": "LOW"
},
"details": "Keycloak was found to not properly enforce token types when validating signatures locally. An authenticated attacker could use this flaw to exchange a logout token for an access token and possibly gain access to data outside of enforced permissions.\n\n",
"id": "GHSA-7fpj-9hr8-28vh",
"modified": "2024-11-18T17:28:39Z",
"published": "2024-04-17T18:25:59Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/keycloak/keycloak/security/advisories/GHSA-7fpj-9hr8-28vh"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-0657"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2024:1867"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2024:1868"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/CVE-2023-0657"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2166728"
},
{
"type": "PACKAGE",
"url": "https://github.com/keycloak/keycloak"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:A/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N",
"type": "CVSS_V3"
}
],
"summary": "Keycloak vulnerable to impersonation via logout token exchange"
}
GHSA-7G2H-2MGX-VHPC
Vulnerability from github – Published: 2024-12-03 12:31 – Updated: 2024-12-03 12:31Dell NetWorker Management Console, version(s) 19.11, contain(s) an Improper Verification of Cryptographic Signature vulnerability. An unauthenticated attacker with local access could potentially exploit this vulnerability, leading to Code execution.
{
"affected": [],
"aliases": [
"CVE-2024-47476"
],
"database_specific": {
"cwe_ids": [
"CWE-347"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-12-03T10:15:05Z",
"severity": "HIGH"
},
"details": "Dell NetWorker Management Console, version(s) 19.11, contain(s) an Improper Verification of Cryptographic Signature vulnerability. An unauthenticated attacker with local access could potentially exploit this vulnerability, leading to Code execution.",
"id": "GHSA-7g2h-2mgx-vhpc",
"modified": "2024-12-03T12:31:11Z",
"published": "2024-12-03T12:31:11Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47476"
},
{
"type": "WEB",
"url": "https://www.dell.com/support/kbdoc/en-us/000255884/dsa-2024-477-security-update-for-dell-networker-runtime-environment-nre-multiple-component-vulnerabilities"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-7G3P-MPGP-Q5C5
Vulnerability from github – Published: 2022-05-24 16:45 – Updated: 2023-03-24 18:30A vulnerability in the Image Signature Verification feature of Cisco NX-OS Software could allow an authenticated, local attacker with administrator-level credentials to install a malicious software patch on an affected device. The vulnerability is due to improper verification of digital signatures for patch images. An attacker could exploit this vulnerability by crafting an unsigned software patch to bypass signature checks and loading it on an affected device. A successful exploit could allow the attacker to boot a malicious software patch image.
{
"affected": [],
"aliases": [
"CVE-2019-1809"
],
"database_specific": {
"cwe_ids": [
"CWE-347"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-05-15T23:29:00Z",
"severity": "MODERATE"
},
"details": "A vulnerability in the Image Signature Verification feature of Cisco NX-OS Software could allow an authenticated, local attacker with administrator-level credentials to install a malicious software patch on an affected device. The vulnerability is due to improper verification of digital signatures for patch images. An attacker could exploit this vulnerability by crafting an unsigned software patch to bypass signature checks and loading it on an affected device. A successful exploit could allow the attacker to boot a malicious software patch image.",
"id": "GHSA-7g3p-mpgp-q5c5",
"modified": "2023-03-24T18:30:22Z",
"published": "2022-05-24T16:45:55Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-1809"
},
{
"type": "WEB",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-nxos-psvb"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/108375"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-7G5X-9C4V-4W5R
Vulnerability from github – Published: 2026-02-27 09:30 – Updated: 2026-02-28 02:44A flaw was found in Keycloak’s WebAuthn registration component. This vulnerability allows an attacker to bypass the configured attestation policy and register untrusted or forged authenticators via submission of an attestation object with fmt: "none", even when the realm is configured to require direct attestation. This can lead to weakened authentication integrity and unauthorized authenticator registration.
{
"affected": [
{
"package": {
"ecosystem": "Maven",
"name": "org.keycloak:keycloak-services"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "26.4.4"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2025-12150"
],
"database_specific": {
"cwe_ids": [
"CWE-347"
],
"github_reviewed": true,
"github_reviewed_at": "2026-02-28T02:44:46Z",
"nvd_published_at": "2026-02-27T09:16:15Z",
"severity": "LOW"
},
"details": "A flaw was found in Keycloak\u2019s WebAuthn registration component. This vulnerability allows an attacker to bypass the configured attestation policy and register untrusted or forged authenticators via submission of an attestation object with fmt: \"none\", even when the realm is configured to require direct attestation. This can lead to weakened authentication integrity and unauthorized authenticator registration.",
"id": "GHSA-7g5x-9c4v-4w5r",
"modified": "2026-02-28T02:44:46Z",
"published": "2026-02-27T09:30:29Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-12150"
},
{
"type": "WEB",
"url": "https://github.com/keycloak/keycloak/issues/35110"
},
{
"type": "WEB",
"url": "https://github.com/keycloak/keycloak/issues/43723"
},
{
"type": "WEB",
"url": "https://github.com/keycloak/keycloak/commit/4136a677e7e24f6685ed25567e191e1003200339"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2025:21370"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2025:21371"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2025:22088"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2025:22089"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/CVE-2025-12150"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2406192"
},
{
"type": "PACKAGE",
"url": "https://github.com/keycloak/keycloak"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N",
"type": "CVSS_V3"
}
],
"summary": "Keycloak REST Services has a WebAuthn Attestation Statement Verification Bypass"
}
GHSA-7GH2-8Q93-87HP
Vulnerability from github – Published: 2022-05-13 01:02 – Updated: 2023-10-05 19:26Wizkunde SAMLBase may incorrectly utilize the results of XML DOM traversal and canonicalization APIs in such a way that an attacker may be able to manipulate the SAML data without invalidating the cryptographic signature, allowing the attack to potentially bypass authentication to SAML service providers.
{
"affected": [
{
"package": {
"ecosystem": "Packagist",
"name": "gogentooss/samlbase"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.2.7"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2018-5387"
],
"database_specific": {
"cwe_ids": [
"CWE-347"
],
"github_reviewed": true,
"github_reviewed_at": "2023-07-07T19:21:30Z",
"nvd_published_at": "2018-07-24T15:29:00Z",
"severity": "HIGH"
},
"details": "Wizkunde SAMLBase may incorrectly utilize the results of XML DOM traversal and canonicalization APIs in such a way that an attacker may be able to manipulate the SAML data without invalidating the cryptographic signature, allowing the attack to potentially bypass authentication to SAML service providers.",
"id": "GHSA-7gh2-8q93-87hp",
"modified": "2023-10-05T19:26:56Z",
"published": "2022-05-13T01:02:57Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-5387"
},
{
"type": "WEB",
"url": "https://github.com/GoGentoOSS/SAMLBase/issues/3"
},
{
"type": "WEB",
"url": "https://github.com/GoGentoOSS/SAMLBase/commit/482cdf8c090e0f1179073034ebcb609ac7c3f5b3"
},
{
"type": "WEB",
"url": "https://duo.com/blog/duo-finds-saml-vulnerabilities-affecting-multiple-implementations"
},
{
"type": "PACKAGE",
"url": "https://github.com/GoGentoOSS/SAMLBase"
},
{
"type": "WEB",
"url": "https://www.kb.cert.org/vuls/id/475445"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
}
],
"summary": " Wizkunde SAMLBase SAML Bypass"
}
GHSA-7JJM-882P-F82J
Vulnerability from github – Published: 2024-05-03 03:31 – Updated: 2024-05-03 03:31Parallels Desktop Updater Improper Verification of Cryptographic Signature Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop. An attacker must first obtain the ability to execute low-privileged code on the target host system in order to exploit this vulnerability.
The specific flaw exists within the Updater service. The issue results from the lack of proper verification of a cryptographic signature. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of root. Was ZDI-CAN-21817.
{
"affected": [],
"aliases": [
"CVE-2023-50228"
],
"database_specific": {
"cwe_ids": [
"CWE-347"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-05-03T03:16:11Z",
"severity": "HIGH"
},
"details": "Parallels Desktop Updater Improper Verification of Cryptographic Signature Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop. An attacker must first obtain the ability to execute low-privileged code on the target host system in order to exploit this vulnerability.\n\nThe specific flaw exists within the Updater service. The issue results from the lack of proper verification of a cryptographic signature. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of root. Was ZDI-CAN-21817.",
"id": "GHSA-7jjm-882p-f82j",
"modified": "2024-05-03T03:31:06Z",
"published": "2024-05-03T03:31:06Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-50228"
},
{
"type": "WEB",
"url": "https://kb.parallels.com/en/125013"
},
{
"type": "WEB",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1803"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-7JQ6-7F95-HV67
Vulnerability from github – Published: 2024-04-09 18:30 – Updated: 2024-04-09 18:30Windows Cryptographic Services Security Feature Bypass Vulnerability
{
"affected": [],
"aliases": [
"CVE-2024-26228"
],
"database_specific": {
"cwe_ids": [
"CWE-347"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-04-09T17:15:42Z",
"severity": "HIGH"
},
"details": "Windows Cryptographic Services Security Feature Bypass Vulnerability",
"id": "GHSA-7jq6-7f95-hv67",
"modified": "2024-04-09T18:30:25Z",
"published": "2024-04-09T18:30:25Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-26228"
},
{
"type": "WEB",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26228"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-7MVR-C777-76HP
Vulnerability from github – Published: 2025-10-14 18:30 – Updated: 2025-10-24 20:05Summary
Use of curl with the -k (or --insecure) flag in installer scripts allows attackers to deliver arbitrary executables via Man-in-the-Middle (MitM) attacks. This can lead to full system compromise, as the downloaded files are installed as privileged applications.
Details
The following scripts in the microsoft/playwright repository at commit bee11cbc28f24bd18e726163d0b9b1571b4f26a8 use curl -k to fetch and install executable packages without verifying the authenticity of the SSL certificate:
packages/playwright-core/bin/reinstall_chrome_beta_mac.shpackages/playwright-core/bin/reinstall_chrome_stable_mac.shpackages/playwright-core/bin/reinstall_msedge_dev_mac.shpackages/playwright-core/bin/reinstall_msedge_beta_mac.shpackages/playwright-core/bin/reinstall_msedge_stable_mac.sh
In each case, the shell scripts download a browser installer package using curl -k and immediately install it:
curl --retry 3 -o ./<pkg-file> -k <url>
sudo installer -pkg /tmp/<pkg-file> -target /
Disabling SSL verification (-k) means the download can be intercepted and replaced with malicious content.
PoC
A high-level exploitation scenario:
- An attacker performs a MitM attack on a network where the victim runs one of these scripts.
- The attacker intercepts the HTTPS request and serves a malicious package (for example, a trojaned browser installer).
- Because
curl -kis used, the script downloads and installs the attacker's payload without any certificate validation. - The attacker's code is executed with system privileges, leading to full compromise.
No special configuration is needed: simply running these scripts on any untrusted or hostile network is enough.
Impact
This is a critical Remote Code Execution (RCE) vulnerability due to improper SSL certificate validation (CWE-295: Improper Certificate Validation). Any user or automation running these scripts is at risk of arbitrary code execution as root/admin, system compromise, data theft, or persistent malware installation. The risk is especially severe because browser packages are installed with elevated privileges and the scripts may be used in CI/CD or developer environments.
Fix
- https://github.com/microsoft/playwright/commit/72c62d840247d9defd87c6beb0344d456794b570
- https://github.com/microsoft/playwright/pull/37532
- https://github.com/microsoft/playwright/releases/tag/v1.56.0
Credit
- This vulnerability was uncovered by tooling by Socket
- This vulnerability was confirmed by @evilpacket
- This vulnerability was reported by @JLLeitschuh at Socket
Disclosure
- September 10th, 2025 - Disclosed to Microsoft privately via https://github.com/microsoft/playwright/security/advisories/GHSA-gx27-2j22-qcx8
- September 11th, 2025 - Reported to Microsoft via MSRC Researcher Portal - https://msrc.microsoft.com/report/vulnerability/VULN-162854
- September 11th, 2025 - Microsoft closed report as "Complete - N/A"
- September 18th, 2025 - Following a LinkedIn Post
{
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "playwright"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.55.1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2025-59288"
],
"database_specific": {
"cwe_ids": [
"CWE-347"
],
"github_reviewed": true,
"github_reviewed_at": "2025-10-20T14:19:32Z",
"nvd_published_at": "2025-10-14T17:16:11Z",
"severity": "HIGH"
},
"details": "### Summary\nUse of `curl` with the `-k` (or `--insecure`) flag in installer scripts allows attackers to deliver arbitrary executables via Man-in-the-Middle (MitM) attacks. This can lead to full system compromise, as the downloaded files are installed as privileged applications.\n\n### Details\nThe following scripts in the `microsoft/playwright` repository at commit [`bee11cbc28f24bd18e726163d0b9b1571b4f26a8`](https://github.com/microsoft/playwright/commit/bee11cbc28f24bd18e726163d0b9b1571b4f26a8) use `curl -k` to fetch and install executable packages without verifying the authenticity of the SSL certificate:\n\n\n- [`packages/playwright-core/bin/reinstall_chrome_beta_mac.sh`](https://github.com/microsoft/playwright/blob/bee11cbc28f24bd18e726163d0b9b1571b4f26a8/packages/playwright-core/bin/reinstall_chrome_beta_mac.sh)\n- [`packages/playwright-core/bin/reinstall_chrome_stable_mac.sh`](https://github.com/microsoft/playwright/blob/bee11cbc28f24bd18e726163d0b9b1571b4f26a8/packages/playwright-core/bin/reinstall_chrome_stable_mac.sh)\n- [`packages/playwright-core/bin/reinstall_msedge_dev_mac.sh`](https://github.com/microsoft/playwright/blob/bee11cbc28f24bd18e726163d0b9b1571b4f26a8/packages/playwright-core/bin/reinstall_msedge_dev_mac.sh)\n- [`packages/playwright-core/bin/reinstall_msedge_beta_mac.sh`](https://github.com/microsoft/playwright/blob/bee11cbc28f24bd18e726163d0b9b1571b4f26a8/packages/playwright-core/bin/reinstall_msedge_beta_mac.sh)\n- [`packages/playwright-core/bin/reinstall_msedge_stable_mac.sh`](https://github.com/microsoft/playwright/blob/bee11cbc28f24bd18e726163d0b9b1571b4f26a8/packages/playwright-core/bin/reinstall_msedge_stable_mac.sh)\n\nIn each case, the shell scripts download a browser installer package using `curl -k` and immediately install it:\n\n```shell\ncurl --retry 3 -o ./\u003cpkg-file\u003e -k \u003curl\u003e\nsudo installer -pkg /tmp/\u003cpkg-file\u003e -target /\n```\n\nDisabling SSL verification (`-k`) means the download can be intercepted and replaced with malicious content.\n\n### PoC\nA high-level exploitation scenario:\n\n1. An attacker performs a MitM attack on a network where the victim runs one of these scripts.\n2. The attacker intercepts the HTTPS request and serves a malicious package (for example, a trojaned browser installer).\n3. Because `curl -k` is used, the script downloads and installs the attacker\u0027s payload without any certificate validation.\n4. The attacker\u0027s code is executed with system privileges, leading to full compromise.\n\nNo special configuration is needed: simply running these scripts on any untrusted or hostile network is enough.\n\n### Impact\nThis is a critical Remote Code Execution (RCE) vulnerability due to improper SSL certificate validation (CWE-295: Improper Certificate Validation). Any user or automation running these scripts is at risk of arbitrary code execution as root/admin, system compromise, data theft, or persistent malware installation. The risk is especially severe because browser packages are installed with elevated privileges and the scripts may be used in CI/CD or developer environments.\n\n### Fix\n\n - https://github.com/microsoft/playwright/commit/72c62d840247d9defd87c6beb0344d456794b570\n - https://github.com/microsoft/playwright/pull/37532\n - https://github.com/microsoft/playwright/releases/tag/v1.56.0\n\n### Credit\n\n- This vulnerability was uncovered by tooling by [Socket](https://socket.dev/)\n- This vulnerability was confirmed by @evilpacket\n- This vulnerability was reported by @JLLeitschuh at Socket\n\n### Disclosure\n - September 10th, 2025 - Disclosed to Microsoft privately via https://github.com/microsoft/playwright/security/advisories/GHSA-gx27-2j22-qcx8\n - September 11th, 2025 - Reported to Microsoft via MSRC Researcher Portal - https://msrc.microsoft.com/report/vulnerability/VULN-162854\n - September 11th, 2025 - Microsoft closed report as \"Complete - N/A\"\n - September 18th, 2025 - Following a [LinkedIn Post](https://www.linkedin.com/posts/jonathan-leitschuh_its-a-sad-state-of-the-world-when-i-acknowledge-activity-7374601182117511168--wnI?utm_source=social_share_send\u0026utm_medium=member_desktop_web\u0026rcm=ACoAAA0SLMUBScBUspIv0-LQ1ecAwsqt5l81eG4)",
"id": "GHSA-7mvr-c777-76hp",
"modified": "2025-10-24T20:05:47Z",
"published": "2025-10-14T18:30:36Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/SocketDev/security-research/security/advisories/GHSA-qxm8-4v54-964r"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-59288"
},
{
"type": "WEB",
"url": "https://github.com/microsoft/playwright/pull/37532"
},
{
"type": "WEB",
"url": "https://github.com/microsoft/playwright/commit/72c62d840247d9defd87c6beb0344d456794b570"
},
{
"type": "PACKAGE",
"url": "https://github.com/microsoft/playwright"
},
{
"type": "WEB",
"url": "https://github.com/microsoft/playwright/releases/tag/v1.55.1"
},
{
"type": "WEB",
"url": "https://github.com/microsoft/playwright/releases/tag/v1.56.0"
},
{
"type": "WEB",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59288"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
"type": "CVSS_V4"
}
],
"summary": "Playwright downloads and installs browsers without verifying the authenticity of the SSL certificate"
}
GHSA-7QHR-G3XW-3692
Vulnerability from github – Published: 2022-05-24 19:17 – Updated: 2022-05-24 19:17It is possible for an attacker to manipulate signed documents and macros to appear to come from a trusted source. All versions of Apache OpenOffice up to 4.1.10 are affected. Users are advised to update to version 4.1.11. See CVE-2021-25633 for the LibreOffice advisory.
{
"affected": [],
"aliases": [
"CVE-2021-41830"
],
"database_specific": {
"cwe_ids": [
"CWE-347"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-10-11T08:15:00Z",
"severity": "HIGH"
},
"details": "It is possible for an attacker to manipulate signed documents and macros to appear to come from a trusted source. All versions of Apache OpenOffice up to 4.1.10 are affected. Users are advised to update to version 4.1.11. See CVE-2021-25633 for the LibreOffice advisory.",
"id": "GHSA-7qhr-g3xw-3692",
"modified": "2022-05-24T19:17:14Z",
"published": "2022-05-24T19:17:14Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-41830"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r97d287c88881aa581f1b18cb01e2cbedc4e6eae85958491acb89b12e%40%3Cusers.openoffice.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/raaab8a3b91f8d7b7ba14f873b8d0fd13952c823acc3385b7a374e754@%3Cannounce.apache.org%3E"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-7R96-8G3X-G36M
Vulnerability from github – Published: 2021-06-28 17:16 – Updated: 2026-01-23 22:42Impact
The verifyWithMessage method of tEnvoyNaClSigningKey always returns true for any signature of a SHA-512 hash matching the SHA-512 hash of the message even if the signature is invalid.
Patches
Upgrade to v7.0.3 immediately to resolve this issue. Since the vulnerability lies within the verification method, the previous signatures are still valid. We highly recommend reverifying any signatures that were previously verified with the vulnerable verifyWithMessage method.
Workarounds
In tenvoy.js under the verifyWithMessage method definition within the tEnvoyNaClSigningKey class, ensure that the return statement call to this.verify ends in .verified. For example, the return statement should start with return this.verify(signed, password).verified && instead of return this.verify(signed, password) &&.
For more information
If you have any questions or comments about this advisory: * Open an issue in github.com/TogaTech/tEnvoy
{
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "tenvoy"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "7.0.3"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2021-32685"
],
"database_specific": {
"cwe_ids": [
"CWE-347"
],
"github_reviewed": true,
"github_reviewed_at": "2021-06-16T20:14:25Z",
"nvd_published_at": null,
"severity": "CRITICAL"
},
"details": "### Impact\nThe `verifyWithMessage` method of `tEnvoyNaClSigningKey` always returns `true` for any signature of a SHA-512 hash matching the SHA-512 hash of the message even if the signature is invalid.\n\n### Patches\nUpgrade to `v7.0.3` immediately to resolve this issue. Since the vulnerability lies within the verification method, the previous signatures are still valid. We highly recommend reverifying any signatures that were previously verified with the vulnerable `verifyWithMessage` method.\n\n### Workarounds\nIn `tenvoy.js` under the `verifyWithMessage` method definition within the `tEnvoyNaClSigningKey` class, ensure that the return statement call to `this.verify` ends in `.verified`. For example, the return statement should start with `return this.verify(signed, password).verified \u0026\u0026 ` instead of `return this.verify(signed, password) \u0026\u0026 `.\n\n### For more information\nIf you have any questions or comments about this advisory:\n* Open an issue in [github.com/TogaTech/tEnvoy](https://github.com/TogaTech/tEnvoy)",
"id": "GHSA-7r96-8g3x-g36m",
"modified": "2026-01-23T22:42:09Z",
"published": "2021-06-28T17:16:56Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/TogaTech/tEnvoy/security/advisories/GHSA-7r96-8g3x-g36m"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-32685"
},
{
"type": "WEB",
"url": "https://github.com/TogaTech/tEnvoy/commit/a121b34a45e289d775c62e58841522891dee686b"
},
{
"type": "PACKAGE",
"url": "https://github.com/TogaTech/tEnvoy"
},
{
"type": "WEB",
"url": "https://github.com/TogaTech/tEnvoy/releases/tag/v7.0.3"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "Improper Verification of Cryptographic Signature"
}
No mitigation information available for this CWE.
CAPEC-463: Padding Oracle Crypto Attack
An adversary is able to efficiently decrypt data without knowing the decryption key if a target system leaks data on whether or not a padding error happened while decrypting the ciphertext. A target system that leaks this type of information becomes the padding oracle and an adversary is able to make use of that oracle to efficiently decrypt data without knowing the decryption key by issuing on average 128*b calls to the padding oracle (where b is the number of bytes in the ciphertext block). In addition to performing decryption, an adversary is also able to produce valid ciphertexts (i.e., perform encryption) by using the padding oracle, all without knowing the encryption key.
CAPEC-475: Signature Spoofing by Improper Validation
An adversary exploits a cryptographic weakness in the signature verification algorithm implementation to generate a valid signature without knowing the key.