all InfoSec news
ForgedAttributes: An Existential Forgery Vulnerability of CMS and PKCS#7 Signatures
Nov. 24, 2023, 2:42 a.m. |
IACR News www.iacr.org
ePrint Report: ForgedAttributes: An Existential Forgery Vulnerability of CMS and PKCS#7 Signatures
Falko Strenzke
This work describes an existential signature forgery vulnerability of the current CMS and PKCS#7 signature standards. The vulnerability results from an ambiguity of how to process the signed message in the signature verification process. Specifically, the absence or presence of the so called SignedAttributes field determines whether the signature message digest receives as input the message directly or the SignedAttributes, a DER-encoded structure which contains a …
cms current eprint report forgery message pkcs process report results signature signatures standards verification vulnerability work
More from www.iacr.org / IACR News
Jobs in InfoSec / Cybersecurity
Social Engineer For Reverse Engineering Exploit Study
@ Independent study | Remote
Principal Business Value Consultant
@ Palo Alto Networks | Chicago, IL, United States
Cybersecurity Specialist, Sr. (Container Hardening)
@ Rackner | San Antonio, TX
Penetration Testing Engineer- Remote United States
@ Stanley Black & Decker | Towson MD USA - 701 E Joppa Rd Bg 700
Internal Audit- Compliance & Legal Audit-Dallas-Associate
@ Goldman Sachs | Dallas, Texas, United States
Threat Responder
@ Deepwatch | Remote