{"uuid": "e43683dd-c61d-41a4-85c5-131a8de06769", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-21449", "type": "published-proof-of-concept", "source": "https://t.me/technical_private_cat/237", "content": "Hello, my Alice .\ud83c\udf80\u2728\n\nHere's a fun vulnerability in the Oracle Java SE product, Oracle GraalVM Enterprise Edition for Oracle Java SE - CVE-2022-21449 \n\nTo begin with a preface \u2728\n\nECDSA is a widely used standard for signing all kinds of digital documents.\nCompared to the older RSA standard, elliptic curve keys and signatures tend to be much smaller for equivalent security, resulting in their widespread use where size matters\ud83d\ude43\nFor example, the WebAuthn standard for two-factor authentication allows device manufacturers to choose from a wide range of signature algorithms, but in practice almost all devices manufactured now support only ECDSA signatures (a notable exception is Windows Hello, which uses RSA). Signatures.\n\nECDSA consists of two values called r and s . \nTo verify an ECDSA signature, the verifier checks an equation that includes r , s , the signer's public key, and the message hash. If the two parts of the equation are equal, the signature is valid, otherwise it is rejected. \n\nOne part of the equation is equal to r , and the other part is multiplied by r and the value obtained from s . So obviously it would be very bad if r and s were equal to 0, because then you would be checking that 0 = 0 \u2a09 [a bunch of stuff] , which would be true regardless of the value of [a bunch of stuff] . ] ! And that pile of things are important bits, such as the message and the public key. \nThat's why the very first check in the ECDSA checking algorithm is to make sure that r and s are both >= 1.\n\nJava forgot to do an implementation of ECDSA signature checking in Java roughly it didn't check if r or s were equal to zero, so you can create a signature value where they are both 0 \ud83d\ude36\u200d\ud83c\udf2b\ufe0f and Java will accept it as a valid signature for any message and for any publicly available message. \n\nHere's an article with more details link \nHere is the scanner and confirmation of its use:\nImplementation and acknowledgement on go link\n Scanner for this python vulnerability link\n Be careful when working with java always check the code for vulnerability\ud83d\ude43\n\nAnd that's it . Thanks for reading. \u2764\ufe0f\nAnd to you dear Alice , have a good croquet game with the Cheshire cat\ud83d\udc08\n#cryptography #cve #scanners #java", "creation_timestamp": "2022-10-13T14:35:16.000000Z"}