all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

ForgedAttributes: An Existential Forgery Vulnerability of CMS and PKCS#7 Signatures

Add to bookmarks
Nov. 24, 2023, 2:42 a.m. |

IACR News www.iacr.org

ePrint Report: ForgedAttributes: An Existential Forgery Vulnerability of CMS and PKCS#7 Signatures

Falko Strenzke


This work describes an existential signature forgery vulnerability of the current CMS and PKCS#7 signature standards. The vulnerability results from an ambiguity of how to process the signed message in the signature verification process. Specifically, the absence or presence of the so called SignedAttributes field determines whether the signature message digest receives as input the message directly or the SignedAttributes, a DER-encoded structure which contains a …

cms current eprint report forgery message pkcs process report results signature signatures standards verification vulnerability work

Visit resource

More from www.iacr.org / IACR News

EISA 2024: The 5th International Conference on Emerging Information Security and Applications 3 hours ago | www.iacr.org
applications august calendar china +13
Multiple academic teaching positions 3 hours ago | www.iacr.org
academic candidates computer computer science +12
ISCISC 2024: 21st International ISC Conference on Information Security and Cryptology 3 hours ago | www.iacr.org
august calendar conference cryptology +13
CRYPTOLOGY2024: 9th International Cryptology and Information Security Conference 2024 3 hours ago | www.iacr.org
calendar conference cryptology date +13
Security in Times of Surveillance 3 hours ago | www.iacr.org
calendar date event event calendar +4
Mempool Privacy via Batched Threshold Encryption: Attacks and Defenses 7 hours ago | www.iacr.org
applications attacks defenses defi +12
Blockchain Price vs. Quantity Controls 7 hours ago | www.iacr.org
blockchain blockchains controls cryptocurrency +8
Agile, Post-quantum Secure Cryptography in Avionics 15 hours ago | www.iacr.org
aaron agile alice avionics +20
Private Analytics via Streaming, Sketching, and Silently Verifiable Proofs 15 hours ago | www.iacr.org
ada analytics collection compute +12

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

Social Engineer For Reverse Engineering Exploit Study

@ Independent study | Remote
View on infosec-jobs.com

Principal Business Value Consultant

@ Palo Alto Networks | Chicago, IL, United States
View on infosec-jobs.com

Cybersecurity Specialist, Sr. (Container Hardening)

@ Rackner | San Antonio, TX
View on infosec-jobs.com

Penetration Testing Engineer- Remote United States

@ Stanley Black & Decker | Towson MD USA - 701 E Joppa Rd Bg 700
View on infosec-jobs.com

Internal Audit- Compliance & Legal Audit-Dallas-Associate

@ Goldman Sachs | Dallas, Texas, United States
View on infosec-jobs.com

Threat Responder

@ Deepwatch | Remote
View on infosec-jobs.com
View more jobs