Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2021-21405

Summary
Assigner-GitHub_M
Assigner Org ID-a0819718-46f1-4df5-94e2-005712e83aaa
Published At-15 Apr, 2021 | 21:35
Updated At-03 Aug, 2024 | 18:09
Rejected At-
Credits

BLS Signature "Malleability"

Lotus is an Implementation of the Filecoin protocol written in Go. BLS signature validation in lotus uses blst library method VerifyCompressed. This method accepts signatures in 2 forms: "serialized", and "compressed", meaning that BLS signatures can be provided as either of 2 unique byte arrays. Lotus block validation functions perform a uniqueness check on provided blocks. Two blocks are considered distinct if the CIDs of their blockheader do not match. The CID method for blockheader includes the BlockSig of the block. The result of these issues is that it would be possible to punish miners for valid blocks, as there are two different valid block CIDs available for each block, even though this must be unique. By switching from the go based `blst` bindings over to the bindings in `filecoin-ffi`, the code paths now ensure that all signatures are compressed by size and the way they are deserialized. This happened in https://github.com/filecoin-project/lotus/pull/5393.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:GitHub_M
Assigner Org ID:a0819718-46f1-4df5-94e2-005712e83aaa
Published At:15 Apr, 2021 | 21:35
Updated At:03 Aug, 2024 | 18:09
Rejected At:
▼CVE Numbering Authority (CNA)
BLS Signature "Malleability"

Lotus is an Implementation of the Filecoin protocol written in Go. BLS signature validation in lotus uses blst library method VerifyCompressed. This method accepts signatures in 2 forms: "serialized", and "compressed", meaning that BLS signatures can be provided as either of 2 unique byte arrays. Lotus block validation functions perform a uniqueness check on provided blocks. Two blocks are considered distinct if the CIDs of their blockheader do not match. The CID method for blockheader includes the BlockSig of the block. The result of these issues is that it would be possible to punish miners for valid blocks, as there are two different valid block CIDs available for each block, even though this must be unique. By switching from the go based `blst` bindings over to the bindings in `filecoin-ffi`, the code paths now ensure that all signatures are compressed by size and the way they are deserialized. This happened in https://github.com/filecoin-project/lotus/pull/5393.

Affected Products
Vendor
filecoin-project
Product
lotus
Versions
Affected
  • < 1.5.0
Problem Types
TypeCWE IDDescription
CWECWE-347CWE-347 Improper Verification of Cryptographic Signature
Type: CWE
CWE ID: CWE-347
Description: CWE-347 Improper Verification of Cryptographic Signature
Metrics
VersionBase scoreBase severityVector
3.15.9MEDIUM
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
Version: 3.1
Base score: 5.9
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://github.com/filecoin-project/lotus/security/advisories/GHSA-4g52-pqcj-phvh
x_refsource_CONFIRM
https://github.com/filecoin-project/lotus/pull/5393
x_refsource_MISC
https://gist.github.com/wadeAlexC/2490d522e81a796af9efcad1686e6754
x_refsource_MISC
Hyperlink: https://github.com/filecoin-project/lotus/security/advisories/GHSA-4g52-pqcj-phvh
Resource:
x_refsource_CONFIRM
Hyperlink: https://github.com/filecoin-project/lotus/pull/5393
Resource:
x_refsource_MISC
Hyperlink: https://gist.github.com/wadeAlexC/2490d522e81a796af9efcad1686e6754
Resource:
x_refsource_MISC
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://github.com/filecoin-project/lotus/security/advisories/GHSA-4g52-pqcj-phvh
x_refsource_CONFIRM
x_transferred
https://github.com/filecoin-project/lotus/pull/5393
x_refsource_MISC
x_transferred
https://gist.github.com/wadeAlexC/2490d522e81a796af9efcad1686e6754
x_refsource_MISC
x_transferred
Hyperlink: https://github.com/filecoin-project/lotus/security/advisories/GHSA-4g52-pqcj-phvh
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: https://github.com/filecoin-project/lotus/pull/5393
Resource:
x_refsource_MISC
x_transferred
Hyperlink: https://gist.github.com/wadeAlexC/2490d522e81a796af9efcad1686e6754
Resource:
x_refsource_MISC
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:security-advisories@github.com
Published At:15 Apr, 2021 | 22:15
Updated At:23 Apr, 2021 | 14:40

Lotus is an Implementation of the Filecoin protocol written in Go. BLS signature validation in lotus uses blst library method VerifyCompressed. This method accepts signatures in 2 forms: "serialized", and "compressed", meaning that BLS signatures can be provided as either of 2 unique byte arrays. Lotus block validation functions perform a uniqueness check on provided blocks. Two blocks are considered distinct if the CIDs of their blockheader do not match. The CID method for blockheader includes the BlockSig of the block. The result of these issues is that it would be possible to punish miners for valid blocks, as there are two different valid block CIDs available for each block, even though this must be unique. By switching from the go based `blst` bindings over to the bindings in `filecoin-ffi`, the code paths now ensure that all signatures are compressed by size and the way they are deserialized. This happened in https://github.com/filecoin-project/lotus/pull/5393.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.17.5HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Secondary3.15.9MEDIUM
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
Primary2.05.0MEDIUM
AV:N/AC:L/Au:N/C:N/I:P/A:N
Type: Primary
Version: 3.1
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Type: Secondary
Version: 3.1
Base score: 5.9
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
Type: Primary
Version: 2.0
Base score: 5.0
Base severity: MEDIUM
Vector:
AV:N/AC:L/Au:N/C:N/I:P/A:N
CPE Matches

filecoin
filecoin
>>lotus>>Versions before 1.5.0(exclusive)
cpe:2.3:a:filecoin:lotus:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-347Primarysecurity-advisories@github.com
CWE ID: CWE-347
Type: Primary
Source: security-advisories@github.com
Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References
HyperlinkSourceResource
https://gist.github.com/wadeAlexC/2490d522e81a796af9efcad1686e6754security-advisories@github.com
Exploit
Third Party Advisory
https://github.com/filecoin-project/lotus/pull/5393security-advisories@github.com
Patch
Third Party Advisory
https://github.com/filecoin-project/lotus/security/advisories/GHSA-4g52-pqcj-phvhsecurity-advisories@github.com
Patch
Third Party Advisory
Hyperlink: https://gist.github.com/wadeAlexC/2490d522e81a796af9efcad1686e6754
Source: security-advisories@github.com
Resource:
Exploit
Third Party Advisory
Hyperlink: https://github.com/filecoin-project/lotus/pull/5393
Source: security-advisories@github.com
Resource:
Patch
Third Party Advisory
Hyperlink: https://github.com/filecoin-project/lotus/security/advisories/GHSA-4g52-pqcj-phvh
Source: security-advisories@github.com
Resource:
Patch
Third Party Advisory

Change History

0
Information is not available yet

Similar CVEs

106Records found

CVE-2020-15093
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-8.6||HIGH
EPSS-1.36% / 68.56%
||
7 Day CHG~0.00%
Published-09 Jul, 2020 | 18:45
Updated-04 Aug, 2024 | 13:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Improper verification of signature threshold in tough

The tough library (Rust/crates.io) prior to version 0.7.1 does not properly verify the threshold of cryptographic signatures. It allows an attacker to duplicate a valid signature in order to circumvent TUF requiring a minimum threshold of unique signatures before the metadata is considered valid. A fix is available in version 0.7.1. CVE-2020-6174 is assigned to the same vulnerability in the TUF reference implementation.

Action-Not Available
Vendor-amazonawslabs
Product-toughtough
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CVE-2020-13101
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.73% / 50.24%
||
7 Day CHG~0.00%
Published-24 Aug, 2020 | 07:04
Updated-04 Aug, 2024 | 12:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In OASIS Digital Signature Services (DSS) 1.0, an attacker can control the validation outcome (i.e., trigger either a valid or invalid outcome for a valid or invalid signature) via a crafted XML signature, when the InlineXML option is used. This defeats the expectation of non-repudiation.

Action-Not Available
Vendor-oasis-openn/a
Product-oasis_digital_signature_servicesn/a
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CVE-2020-13415
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.75% / 50.73%
||
7 Day CHG~0.00%
Published-22 May, 2020 | 20:48
Updated-04 Aug, 2024 | 12:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Aviatrix Controller through 5.1. An attacker with any signed SAML assertion from the Identity Provider can establish a connection (even if that SAML assertion has expired or is from a user who is not authorized to access Aviatrix), aka XML Signature Wrapping.

Action-Not Available
Vendor-n/aAviatrix Systems, Inc.
Product-controllern/a
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CVE-2020-13845
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.52% / 40.54%
||
7 Day CHG~0.00%
Published-14 Jul, 2020 | 17:23
Updated-04 Aug, 2024 | 12:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Sylabs Singularity 3.0 through 3.5 has Improper Validation of an Integrity Check Value. Image integrity is not validated when an ECL policy is enforced. The fingerprint required by the ECL is compared against the signature object descriptor(s) in the SIF file, rather than to a cryptographically validated signature.

Action-Not Available
Vendor-sylabsn/a
Product-singularityn/a
CWE ID-CWE-354
Improper Validation of Integrity Check Value
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CVE-2023-3347
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-5.9||MEDIUM
EPSS-0.39% / 31.30%
||
7 Day CHG~0.00%
Published-20 Jul, 2023 | 14:54
Updated-20 Nov, 2025 | 17:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Samba: smb2 packet signing is not enforced when "server signing = required" is set

A vulnerability was found in Samba's SMB2 packet signing mechanism. The SMB2 packet signing is not enforced if an admin configured "server signing = required" or for SMB2 connections to Domain Controllers where SMB2 packet signing is mandatory. This flaw allows an attacker to perform attacks, such as a man-in-the-middle attack, by intercepting the network traffic and modifying the SMB2 messages between client and server, affecting the integrity of the data.

Action-Not Available
Vendor-Red Hat, Inc.Fedora ProjectSamba
Product-storageenterprise_linuxfedorasambaRed Hat Enterprise Linux 9Red Hat Storage 3Red Hat Enterprise Linux 7Red Hat Enterprise Linux 6Red Hat Enterprise Linux 8
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CWE ID-CWE-924
Improper Enforcement of Message Integrity During Transmission in a Communication Channel
CVE-2020-11093
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7.5||HIGH
EPSS-0.93% / 56.74%
||
7 Day CHG~0.00%
Published-24 Dec, 2020 | 20:05
Updated-04 Aug, 2024 | 11:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Authorization bypass in Hyperledger Indy

Hyperledger Indy Node is the server portion of a distributed ledger purpose-built for decentralized identity. In Hyperledger Indy before version 1.12.4, there is lack of signature verification on a specific transaction which enables an attacker to make certain unauthorized alterations to the ledger. Updating a DID with a nym transaction will be written to the ledger if neither ROLE or VERKEY are being changed, regardless of sender. A malicious DID with no particular role can ask an update for another DID (but cannot modify its verkey or role). This is bad because 1) Any DID can write a nym transaction to the ledger (i.e., any DID can spam the ledger with nym transactions), 2) Any DID can change any other DID's alias, 3) The update transaction modifies the ledger metadata associated with a DID.

Action-Not Available
Vendor-hyperledgerThe Linux Foundation
Product-indy-nodeindy-node
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CVE-2026-9793
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-5.9||MEDIUM
EPSS-0.12% / 2.14%
||
7 Day CHG~0.00%
Published-28 May, 2026 | 03:44
Updated-03 Jun, 2026 | 18:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Keycloak: keycloak: security policy bypass in jwe-encrypted request object processing

A flaw was found in Keycloak. When a JSON Web Encryption (JWE) encrypted request object is submitted, Keycloak may incorrectly process unsigned claims if the decrypted content is raw JSON, bypassing the configured signature policy. This allows a remote attacker to submit unauthorized claims, leading to a compromise of data integrity within the OpenID Connect (OIDC) authorization flow. While a redirect URI allowlist acts as a compensating control, this vulnerability violates OIDC Core and Financial-grade API (FAPI) signing requirements.

Action-Not Available
Vendor-Red Hat, Inc.
Product-build_of_keycloakRed Hat Build of Keycloak
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CVE-2023-25934
Matching Score-4
Assigner-Dell
ShareView Details
Matching Score-4
Assigner-Dell
CVSS Score-5.9||MEDIUM
EPSS-0.27% / 18.63%
||
7 Day CHG~0.00%
Published-04 May, 2023 | 06:58
Updated-29 Jan, 2025 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

DELL ECS prior to 3.8.0.2 contains an improper verification of cryptographic signature vulnerability. A network attacker with an ability to intercept the request could potentially exploit this vulnerability to modify the body data of the request.

Action-Not Available
Vendor-Dell Inc.
Product-elastic_cloud_storageECS
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CVE-2025-47949
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-9.9||CRITICAL
EPSS-0.46% / 36.88%
||
7 Day CHG~0.00%
Published-19 May, 2025 | 19:28
Updated-19 Sep, 2025 | 17:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
samlify SAML Signature Wrapping attack

samlify is a Node.js library for SAML single sign-on. A Signature Wrapping attack has been found in samlify prior to version 2.10.0, allowing an attacker to forge a SAML Response to authenticate as any user. An attacker would need a signed XML document by the identity provider. Version 2.10.0 fixes the issue.

Action-Not Available
Vendor-samlify_projecttngan
Product-samlifysamlify
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CVE-2023-22742
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-5.3||MEDIUM
EPSS-0.58% / 43.85%
||
7 Day CHG~0.00%
Published-20 Jan, 2023 | 22:49
Updated-10 Mar, 2025 | 21:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
libgit2 fails to verify SSH keys by default

libgit2 is a cross-platform, linkable library implementation of Git. When using an SSH remote with the optional libssh2 backend, libgit2 does not perform certificate checking by default. Prior versions of libgit2 require the caller to set the `certificate_check` field of libgit2's `git_remote_callbacks` structure - if a certificate check callback is not set, libgit2 does not perform any certificate checking. This means that by default - without configuring a certificate check callback, clients will not perform validation on the server SSH keys and may be subject to a man-in-the-middle attack. Users are encouraged to upgrade to v1.4.5 or v1.5.1. Users unable to upgrade should ensure that all relevant certificates are manually checked.

Action-Not Available
Vendor-libgit2libgit2
Product-libgit2libgit2
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CVE-2019-17561
Matching Score-4
Assigner-Apache Software Foundation
ShareView Details
Matching Score-4
Assigner-Apache Software Foundation
CVSS Score-7.5||HIGH
EPSS-1.63% / 73.64%
||
7 Day CHG~0.00%
Published-30 Mar, 2020 | 18:44
Updated-05 Aug, 2024 | 01:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The "Apache NetBeans" autoupdate system does not fully validate code signatures. An attacker could modify the downloaded nbm and include additional code. "Apache NetBeans" versions up to and including 11.2 are affected by this vulnerability.

Action-Not Available
Vendor-n/aThe Apache Software FoundationOracle Corporation
Product-netbeansgraalvmApache NetBeans
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CVE-2026-7511
Matching Score-4
Assigner-wolfSSL Inc.
ShareView Details
Matching Score-4
Assigner-wolfSSL Inc.
CVSS Score-5.9||MEDIUM
EPSS-0.17% / 6.72%
||
7 Day CHG~0.00%
Published-25 Jun, 2026 | 21:32
Updated-27 Jun, 2026 | 19:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
PKCS7_verify signer confusion allows forged signatures to be accepted

PKCS7_verify signer confusion allows forged signatures, where the signer associated with a signature is not correctly bound, permitting a forged signature to be accepted.

Action-Not Available
Vendor-wolfsslwolfSSL
Product-wolfsslwolfSSL
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CVE-2026-6331
Matching Score-4
Assigner-wolfSSL Inc.
ShareView Details
Matching Score-4
Assigner-wolfSSL Inc.
CVSS Score-2.1||LOW
EPSS-0.15% / 4.41%
||
7 Day CHG~0.00%
Published-25 Jun, 2026 | 20:56
Updated-27 Jun, 2026 | 19:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
HMAC zero-length tag forgery in EVP_DigestVerifyFinal

HMAC zero-length tag forgery in EVP_DigestVerifyFinal, where a zero-length tag could be accepted as valid during HMAC verification. In the OpenSSL-compatibility HMAC verify path the supplied signature length was only checked as not exceeding the MAC length, so a zero-length or otherwise truncated tag could pass verification. The fix requires the supplied tag length to exactly equal the MAC length and rejects a zero-length MAC, so a forged short or empty tag is no longer accepted.

Action-Not Available
Vendor-wolfsslwolfSSL
Product-wolfsslwolfSSL
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CVE-2019-15545
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.77% / 51.35%
||
7 Day CHG~0.00%
Published-26 Aug, 2019 | 17:07
Updated-05 Aug, 2024 | 00:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in the libp2p-core crate before 0.8.1 for Rust. Attackers can spoof ed25519 signatures.

Action-Not Available
Vendor-libp2pn/a
Product-libp2pn/a
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CVE-2023-40012
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-5.9||MEDIUM
EPSS-0.20% / 10.03%
||
7 Day CHG~0.00%
Published-09 Aug, 2023 | 15:33
Updated-03 Oct, 2024 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
uthenticode EKU validation bypass

uthenticode is a small cross-platform library for partially verifying Authenticode digital signatures. Versions of uthenticode prior to the 2.x series did not check Extended Key Usages in certificates, in violation of the Authenticode X.509 certificate profile. As a result, a malicious user could produce a "signed" PE file that uthenticode would verify and consider valid using an X.509 certificate that isn't entitled to produce code signatures (e.g., a SSL certificate). By design, uthenticode does not perform full-chain validation. However, the absence of EKU validation was an unintended oversight. The 2.0.0 release series includes EKU checks. There are no workarounds to this vulnerability.

Action-Not Available
Vendor-trailofbitstrailofbits
Product-uthenticodeuthenticode
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CWE ID-CWE-325
Missing Cryptographic Step
CVE-2022-46176
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-5.3||MEDIUM
EPSS-0.65% / 47.01%
||
7 Day CHG~0.00%
Published-11 Jan, 2023 | 20:07
Updated-10 Mar, 2025 | 21:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cargo did not verify SSH host keys

Cargo is a Rust package manager. The Rust Security Response WG was notified that Cargo did not perform SSH host key verification when cloning indexes and dependencies via SSH. An attacker could exploit this to perform man-in-the-middle (MITM) attacks. This vulnerability has been assigned CVE-2022-46176. All Rust versions containing Cargo before 1.66.1 are vulnerable. Note that even if you don't explicitly use SSH for alternate registry indexes or crate dependencies, you might be affected by this vulnerability if you have configured git to replace HTTPS connections to GitHub with SSH (through git's [`url.<base>.insteadOf`][1] setting), as that'd cause you to clone the crates.io index through SSH. Rust 1.66.1 will ensure Cargo checks the SSH host key and abort the connection if the server's public key is not already trusted. We recommend everyone to upgrade as soon as possible.

Action-Not Available
Vendor-rust-langrust-lang
Product-cargocargo
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CVE-2021-33054
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.99% / 58.49%
||
7 Day CHG~0.00%
Published-04 Jun, 2021 | 14:40
Updated-03 Aug, 2024 | 23:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SOGo 2.x before 2.4.1 and 3.x through 5.x before 5.1.1 does not validate the signatures of any SAML assertions it receives. Any actor with network access to the deployment could impersonate users when SAML is the authentication method. (Only versions after 2.0.5a are affected.)

Action-Not Available
Vendor-inversen/aDebian GNU/Linux
Product-debian_linuxsogon/a
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CVE-2023-49079
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-9.3||CRITICAL
EPSS-0.40% / 32.29%
||
7 Day CHG~0.00%
Published-29 Nov, 2023 | 18:56
Updated-02 Aug, 2024 | 21:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Misskey's missing signature validation allows arbitrary users to impersonate any remote user.

Misskey is an open source, decentralized social media platform. Misskey's missing signature validation allows arbitrary users to impersonate any remote user. This issue has been patched in version 2023.11.1-beta.1.

Action-Not Available
Vendor-misskeymisskey-dev
Product-misskeymisskey
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CVE-2019-11841
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.9||MEDIUM
EPSS-2.00% / 78.54%
||
7 Day CHG~0.00%
Published-22 May, 2019 | 00:00
Updated-04 Aug, 2024 | 23:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A message-forgery issue was discovered in crypto/openpgp/clearsign/clearsign.go in supplementary Go cryptography libraries 2019-03-25. According to the OpenPGP Message Format specification in RFC 4880 chapter 7, a cleartext signed message can contain one or more optional "Hash" Armor Headers. The "Hash" Armor Header specifies the message digest algorithm(s) used for the signature. However, the Go clearsign package ignores the value of this header, which allows an attacker to spoof it. Consequently, an attacker can lead a victim to believe the signature was generated using a different message digest algorithm than what was actually used. Moreover, since the library skips Armor Header parsing in general, an attacker can not only embed arbitrary Armor Headers, but also prepend arbitrary text to cleartext messages without invalidating the signatures.

Action-Not Available
Vendor-n/aDebian GNU/LinuxGo
Product-cryptodebian_linuxn/a
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CVE-2016-1000342
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.80% / 76.00%
||
7 Day CHG~0.00%
Published-04 Jun, 2018 | 13:00
Updated-12 May, 2025 | 17:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In the Bouncy Castle JCE Provider version 1.55 and earlier ECDSA does not fully validate ASN.1 encoding of signature on verification. It is possible to inject extra elements in the sequence making up the signature and still have it validate, which in some cases may allow the introduction of 'invisible' data into a signed structure.

Action-Not Available
Vendor-bouncycastlen/aDebian GNU/Linux
Product-debian_linuxbc-javan/a
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CVE-2019-12269
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.18% / 64.19%
||
7 Day CHG~0.00%
Published-21 May, 2019 | 19:50
Updated-04 Aug, 2024 | 23:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Enigmail before 2.0.11 allows PGP signature spoofing: for an inline PGP message, an attacker can cause the product to display a "correctly signed" message indication, but display different unauthenticated text.

Action-Not Available
Vendor-enigmailn/a
Product-enigmailn/a
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CVE-2019-11755
Matching Score-4
Assigner-Mozilla Corporation
ShareView Details
Matching Score-4
Assigner-Mozilla Corporation
CVSS Score-7.5||HIGH
EPSS-1.07% / 61.22%
||
7 Day CHG~0.00%
Published-27 Sep, 2019 | 17:10
Updated-04 Aug, 2024 | 23:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A crafted S/MIME message consisting of an inner encryption layer and an outer SignedData layer was shown as having a valid digital signature, although the signer might have had no access to the contents of the encrypted message, and might have stripped a different signature from the encrypted message. Previous versions had only suppressed showing a digital signature for messages with an outer multipart/signed layer. This vulnerability affects Thunderbird < 68.1.1.

Action-Not Available
Vendor-Mozilla Corporation
Product-thunderbirdThunderbird
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CVE-2025-29915
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7.5||HIGH
EPSS-0.26% / 17.39%
||
7 Day CHG+0.02%
Published-10 Apr, 2025 | 19:51
Updated-29 May, 2025 | 15:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Suricata af-packet: defrag option can lead to truncated packets affecting visibility

Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. The AF_PACKET defrag option is enabled by default and allows AF_PACKET to re-assemble fragmented packets before reaching Suricata. However the default packet size in Suricata is based on the network interface MTU which leads to Suricata seeing truncated packets. Upgrade to Suricata 7.0.9, which uses better defaults and adds warnings for user configurations that may lead to issues.

Action-Not Available
Vendor-oisfOISF
Product-suricatasuricata
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CVE-2021-29455
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7.5||HIGH
EPSS-0.76% / 51.07%
||
7 Day CHG~0.00%
Published-19 Apr, 2021 | 19:05
Updated-03 Aug, 2024 | 22:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Missing validation of JWT signature in `grassrootza/grassroot-platform`

Grassroot Platform is an application to make it faster, cheaper and easier to persistently organize and mobilize people in low-income communities. Grassroot Platform before master deployment as of 2021-04-16 did not properly verify the signature of JSON Web Tokens when refreshing an existing JWT. This allows to forge a valid JWT. The problem has been patched in version 1.3.1 by deprecating the JWT refresh function, which was an overdue deprecation regardless (the "refresh" flow is no longer used).

Action-Not Available
Vendor-grassrootgrassrootza
Product-grassroot_platformgrassroot-platform
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CVE-2021-28091
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.32% / 67.76%
||
7 Day CHG~0.00%
Published-04 Jun, 2021 | 14:39
Updated-03 Aug, 2024 | 21:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Lasso all versions prior to 2.7.0 has improper verification of a cryptographic signature.

Action-Not Available
Vendor-entrouvertn/aDebian GNU/LinuxFedora Project
Product-lassodebian_linuxfedoran/a
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CVE-2026-55961
Matching Score-4
Assigner-wolfSSL Inc.
ShareView Details
Matching Score-4
Assigner-wolfSSL Inc.
CVSS Score-8.2||HIGH
EPSS-0.10% / 0.82%
||
7 Day CHG~0.00%
Published-25 Jun, 2026 | 16:51
Updated-26 Jun, 2026 | 16:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
wolfSSL_PKCS7_verify() reports success for degenerate (certs-only) PKCS#7 with no signer

wolfSSL_PKCS7_verify() returning success for a degenerate (certs-only) PKCS#7 object that contains no signer. Such an object has empty signerInfos, so the underlying signed-data verification succeeds without authenticating any content. The compatibility-layer verify path now rejects the object when no signer signature has actually been verified, so a PKCS#7 carrying no valid signature is no longer reported as verified. This is enforced regardless of the PKCS7_NOVERIFY flag, which only suppresses signer certificate chain validation and was never intended to waive the requirement that a signature exist. Only affects OpenSSL compatibility builds that call the PKCS7_verify() compatibility API on potentially degenerate PKCS#7 bundles.

Action-Not Available
Vendor-wolfsslwolfSSL
Product-wolfsslwolfSSL
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CVE-2026-54773
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-5.9||MEDIUM
EPSS-0.24% / 14.80%
||
7 Day CHG~0.00%
Published-08 Jul, 2026 | 22:09
Updated-10 Jul, 2026 | 15:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
CoreWCF: WS-Security signature substitution via document-wide Signature lookup

CoreWCF is a port of the service side of Windows Communication Foundation (WCF) to .NET Core. Prior to 1.8.1 and 1.9.1, CoreWCF WS-Security signature verification performs a document-wide ds:Signature lookup, allowing an unauthenticated remote attacker to place a SOAP header before wsse:Security and cause WSSecurityOneDotZeroReceiveSecurityHeader to verify an attacker-supplied signature instead of the security header signature. This issue is fixed in versions 1.8.1 and 1.9.1.

Action-Not Available
Vendor-CoreWCF
Product-CoreWCF
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CVE-2018-7644
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.26% / 66.38%
||
7 Day CHG~0.00%
Published-05 Mar, 2018 | 14:00
Updated-05 Aug, 2024 | 06:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The XmlSecLibs library as used in the saml2 library in SimpleSAMLphp before 1.15.3 incorrectly verifies signatures on SAML assertions, allowing a remote attacker to construct a crafted SAML assertion on behalf of an Identity Provider that would pass as cryptographically valid, thereby allowing them to impersonate a user from that Identity Provider, aka a key confusion issue.

Action-Not Available
Vendor-simplesamlphpn/a
Product-simplesamlphpn/a
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CVE-2005-2181
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.19% / 64.42%
||
7 Day CHG~0.00%
Published-10 Jul, 2005 | 04:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cisco 7940/7960 Voice over IP (VoIP) phones do not properly check the Call-ID, branch, and tag values in a NOTIFY message to verify a subscription, which allows remote attackers to spoof messages such as the "Messages waiting" message.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-ip_phone_7940_firmwareip_phone_7940ip_phone_7960ip_phone_7960_firmwaren/a
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CVE-2026-5050
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-7.5||HIGH
EPSS-0.21% / 10.75%
||
7 Day CHG~0.00%
Published-16 Apr, 2026 | 05:29
Updated-22 Apr, 2026 | 20:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Payment Gateway for Redsys & WooCommerce Lite <= 7.0.0 - Improper Verification of Cryptographic Signature to Unauthenticated Payment Status Manipulation

The Payment Gateway for Redsys & WooCommerce Lite plugin for WordPress is vulnerable to Improper Verification of Cryptographic Signature in versions up to, and including, 7.0.0 due to successful_request() handlers calculating a local signature but not validating Ds_Signature from the request before accepting payment status across the Redsys, Bizum, and Google Pay gateway flows. This makes it possible for unauthenticated attackers to forge payment callback data and mark pending orders as paid when they know a valid order key and order amount, potentially allowing checkout completion and product or service fulfillment without a successful payment.

Action-Not Available
Vendor-jconti
Product-Payment Gateway for Redsys & WooCommerce Lite
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CVE-2026-48815
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7.5||HIGH
EPSS-0.19% / 8.77%
||
7 Day CHG~0.00%
Published-14 Jul, 2026 | 20:27
Updated-15 Jul, 2026 | 14:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
sigstore-js: `certificateOIDs` verification constraints are silently dropped and never enforced

sigstore-js provides JavaScript libraries for interacting with Sigstore services. Prior to 4.1.1, the documented certificateOIDs option in sigstore.verify() is accepted by the public API but discarded before verification, so required certificate extension OIDs are never checked and applications relying on certificateOIDs to restrict which certificates may sign artifacts can accept unauthorized certificates. This issue is fixed in version 4.1.1.

Action-Not Available
Vendor-sigstore
Product-sigstore-js
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CVE-2026-49834
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-5.9||MEDIUM
EPSS-0.17% / 6.58%
||
7 Day CHG~0.00%
Published-17 Jul, 2026 | 19:20
Updated-17 Jul, 2026 | 20:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
sigstore-go: Multi-log threshold bypass via single compromised log

sigstore-go is a Go library for Sigstore signing and verification. Prior to 1.2.0, a verifier configured with WithTransparencyLog(N>1) or WithSignedCertificateTimestamps(N>1) counts verified witnesses per entry or per validation path rather than per log authority, allowing a single compromised transparency log or CT log to satisfy multi-log threshold requirements and defeat the multi-log policy. This issue is fixed in version 1.2.0.

Action-Not Available
Vendor-sigstore
Product-sigstore-go
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CVE-2021-25636
Matching Score-4
Assigner-Document Foundation, The
ShareView Details
Matching Score-4
Assigner-Document Foundation, The
CVSS Score-7.5||HIGH
EPSS-0.98% / 58.30%
||
7 Day CHG+0.02%
Published-22 Feb, 2022 | 00:00
Updated-03 Aug, 2024 | 20:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Incorrect trust validation of signature with ambiguous KeyInfo children

LibreOffice supports digital signatures of ODF documents and macros within documents, presenting visual aids that no alteration of the document occurred since the last signing and that the signature is valid. An Improper Certificate Validation vulnerability in LibreOffice allowed an attacker to create a digitally signed ODF document, by manipulating the documentsignatures.xml or macrosignatures.xml stream within the document to contain both "X509Data" and "KeyValue" children of the "KeyInfo" tag, which when opened caused LibreOffice to verify using the "KeyValue" but to report verification with the unrelated "X509Data" value. This issue affects: The Document Foundation LibreOffice 7.2 versions prior to 7.2.5.

Action-Not Available
Vendor-libreofficeThe Document FoundationFedora Project
Product-fedoralibreofficeLibreOffice
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CWE ID-CWE-295
Improper Certificate Validation
CVE-2026-44714
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7.5||HIGH
EPSS-0.27% / 18.76%
||
7 Day CHG~0.00%
Published-15 May, 2026 | 16:51
Updated-18 May, 2026 | 19:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
bitcoinj: ScriptExecution P2PKH/P2WPKH Verification Bypass

The bitcoinj library is a Java implementation of the Bitcoin protocol. Prior to 0.17.1, ScriptExecution.correctlySpends() contains two fast-path verification bugs for standard P2PKH and native P2WPKH spends in core/src/main/java/org/bitcoinj/script/ScriptExecution.java. In both branches, bitcoinj verifies an attacker-controlled signature/public-key pair but fails to verify that the public key is the one committed to by the output being spent. As a result, any attacker keypair can satisfy bitcoinj's local verification for arbitrary P2PKH and P2WPKH outputs. This vulnerability is fixed in 0.17.1.

Action-Not Available
Vendor-bitcoinj
Product-bitcoinj
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CVE-2018-18509
Matching Score-4
Assigner-Mozilla Corporation
ShareView Details
Matching Score-4
Assigner-Mozilla Corporation
CVSS Score-5.3||MEDIUM
EPSS-1.68% / 74.29%
||
7 Day CHG~0.00%
Published-26 Apr, 2019 | 16:13
Updated-05 Aug, 2024 | 11:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A flaw during verification of certain S/MIME signatures causes emails to be shown in Thunderbird as having a valid digital signature, even if the shown message contents aren't covered by the signature. The flaw allows an attacker to reuse a valid S/MIME signature to craft an email message with arbitrary content. This vulnerability affects Thunderbird < 60.5.1.

Action-Not Available
Vendor-Mozilla Corporation
Product-thunderbirdThunderbird
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CVE-2018-16152
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.89% / 77.22%
||
7 Day CHG~0.00%
Published-26 Sep, 2018 | 21:00
Updated-03 Dec, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In verify_emsa_pkcs1_signature() in gmp_rsa_public_key.c in the gmp plugin in strongSwan 4.x and 5.x before 5.7.0, the RSA implementation based on GMP does not reject excess data in the digestAlgorithm.parameters field during PKCS#1 v1.5 signature verification. Consequently, a remote attacker can forge signatures when small public exponents are being used, which could lead to impersonation when only an RSA signature is used for IKEv2 authentication. This is a variant of CVE-2006-4790 and CVE-2014-1568.

Action-Not Available
Vendor-strongswann/aCanonical Ltd.Debian GNU/Linux
Product-strongswanubuntu_linuxdebian_linuxn/a
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CVE-2026-34240
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7.5||HIGH
EPSS-0.13% / 2.98%
||
7 Day CHG~0.00%
Published-31 Mar, 2026 | 15:44
Updated-06 Apr, 2026 | 15:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
jose vulnerable to untrusted JWK header key acceptance during signature verification

JOSE is a Javascript Object Signing and Encryption (JOSE) library. Prior to version 0.3.5+1, a vulnerability in jose could allow an unauthenticated, remote attacker to forge valid JWS/JWT tokens by using a key embedded in the JOSE header (jwk). The vulnerability exists because key selection could treat header-provided jwk as a verification candidate even when that key was not present in the trusted key store. Since JOSE headers are untrusted input, an attacker could exploit this by creating a token payload, embedding an attacker-controlled public key in the header, and signing with the matching private key. Applications using affected versions for token verification are impacted. This issue has been patched in version 0.3.5+1. A workaround for this issue involves rejecting tokens where header jwk is present unless that jwk matches a key already present in the application's trusted key store.

Action-Not Available
Vendor-appsup-dartappsup-dart
Product-josejose
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CVE-2025-15598
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.3||MEDIUM
EPSS-0.18% / 8.15%
||
7 Day CHG~0.00%
Published-03 Mar, 2026 | 09:32
Updated-05 Mar, 2026 | 21:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Dataease SQLBot JWT Token auth.py validateEmbedded signature verification

A vulnerability was found in Dataease SQLBot up to 1.5.1. This impacts the function validateEmbedded of the file backend/apps/system/middleware/auth.py of the component JWT Token Handler. Performing a manipulation results in improper verification of cryptographic signature. The attack can be initiated remotely. The attack is considered to have high complexity. The exploitability is said to be difficult. The exploit has been made public and could be used. A comment in the source code warns users about using this feature. The vendor was contacted early about this disclosure.

Action-Not Available
Vendor-FIT2CLOUD Inc.DataEase (FIT2CLOUD Inc.)
Product-sqlbotSQLBot
CWE ID-CWE-345
Insufficient Verification of Data Authenticity
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CVE-2018-12019
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-2.14% / 80.02%
||
7 Day CHG~0.00%
Published-13 Jun, 2018 | 23:00
Updated-05 Aug, 2024 | 08:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The signature verification routine in Enigmail before 2.0.7 interprets user ids as status/control messages and does not correctly keep track of the status of multiple signatures, which allows remote attackers to spoof arbitrary email signatures via public keys containing crafted primary user ids.

Action-Not Available
Vendor-enigmailn/a
Product-enigmailn/a
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CVE-2018-10470
Matching Score-4
Assigner-Objective Development Software GmbH
ShareView Details
Matching Score-4
Assigner-Objective Development Software GmbH
CVSS Score-5.3||MEDIUM
EPSS-0.64% / 46.53%
||
7 Day CHG~0.00%
Published-12 Jun, 2018 | 17:00
Updated-16 Sep, 2024 | 21:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Little Snitch versions 4.0 to 4.0.6 use the SecStaticCodeCheckValidityWithErrors() function without the kSecCSCheckAllArchitectures flag and therefore do not validate all architectures stored in a fat binary. An attacker can maliciously craft a fat binary containing multiple architectures that may cause a situation where Little Snitch treats the running process as having no code signature at all while erroneously indicating that the binary on disk does have a valid code signature. This could lead to users being confused about whether or not the code signature is valid.

Action-Not Available
Vendor-objective_developmentObjective Development Software GmbHApple Inc.
Product-macoslittle_snitchLittle Snitch
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CVE-2018-1000539
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.78% / 51.74%
||
7 Day CHG~0.00%
Published-26 Jun, 2018 | 16:00
Updated-05 Aug, 2024 | 12:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Nov json-jwt version >= 0.5.0 && < 1.9.4 contains a CWE-347: Improper Verification of Cryptographic Signature vulnerability in Decryption of AES-GCM encrypted JSON Web Tokens that can result in Attacker can forge a authentication tag. This attack appear to be exploitable via network connectivity. This vulnerability appears to have been fixed in 1.9.4 and later.

Action-Not Available
Vendor-json-jwt_projectn/a
Product-json-jwtn/a
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CVE-2019-9153
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-2.01% / 78.69%
||
7 Day CHG~0.00%
Published-22 Aug, 2019 | 15:30
Updated-04 Aug, 2024 | 21:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper Verification of a Cryptographic Signature in OpenPGP.js <=4.1.2 allows an attacker to forge signed messages by replacing its signatures with a "standalone" or "timestamp" signature.

Action-Not Available
Vendor-openpgpjsn/a
Product-openpgpjsn/a
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CVE-2019-9154
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.62% / 73.31%
||
7 Day CHG~0.00%
Published-22 Aug, 2019 | 15:39
Updated-04 Aug, 2024 | 21:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper Verification of a Cryptographic Signature in OpenPGP.js <=4.1.2 allows an attacker to pass off unsigned data as signed.

Action-Not Available
Vendor-openpgpjsn/a
Product-openpgpjsn/a
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CVE-2022-41340
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.48% / 38.26%
||
7 Day CHG~0.00%
Published-24 Sep, 2022 | 18:22
Updated-22 May, 2025 | 15:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The secp256k1-js package before 1.1.0 for Node.js implements ECDSA without required r and s validation, leading to signature forgery.

Action-Not Available
Vendor-secp256k1-js_projectn/a
Product-secp256k1-jsn/a
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CVE-2016-1000338
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.86% / 76.88%
||
7 Day CHG~0.00%
Published-01 Jun, 2018 | 00:00
Updated-05 May, 2025 | 14:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Bouncy Castle JCE Provider version 1.55 and earlier the DSA does not fully validate ASN.1 encoding of signature on verification. It is possible to inject extra elements in the sequence making up the signature and still have it validate, which in some cases may allow the introduction of 'invisible' data into a signed structure.

Action-Not Available
Vendor-bouncycastlen/aRed Hat, Inc.NetApp, Inc.Canonical Ltd.
Product-satellite_capsulesatellite7-mode_transition_toolubuntu_linuxlegion-of-the-bouncy-castle-java-crytography-apin/a
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CVE-2022-3322
Matching Score-4
Assigner-Cloudflare, Inc.
ShareView Details
Matching Score-4
Assigner-Cloudflare, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.25% / 15.90%
||
7 Day CHG~0.00%
Published-28 Oct, 2022 | 09:25
Updated-05 May, 2025 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Lock WARP switch bypass on WARP mobile client using iOS quick action

Lock Warp switch is a feature of Zero Trust platform which, when enabled, prevents users of enrolled devices from disabling WARP client. Due to insufficient policy verification by WARP iOS client, this feature could be bypassed by using the "Disable WARP" quick action.

Action-Not Available
Vendor-Cloudflare, Inc.
Product-warp_mobile_clientWARP
CWE ID-CWE-862
Missing Authorization
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CVE-2020-28042
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.3||MEDIUM
EPSS-2.33% / 81.58%
||
7 Day CHG~0.00%
Published-01 Nov, 2020 | 04:50
Updated-04 Aug, 2024 | 16:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

ServiceStack before 5.9.2 mishandles JWT signature verification unless an application has a custom ValidateToken function that establishes a valid minimum length for a signature.

Action-Not Available
Vendor-servicestackn/a
Product-servicestackn/a
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CVE-2015-7336
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.59% / 44.10%
||
7 Day CHG~0.00%
Published-27 Mar, 2020 | 14:05
Updated-06 Aug, 2024 | 07:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

MITRE is populating this ID because it was assigned prior to Lenovo becoming a CNA. A vulnerability was reported (fixed and publicly disclosed in 2015) in Lenovo System Update version 5.07.0008 and prior that could allow the signature check of an update to be bypassed.

Action-Not Available
Vendor-n/aLenovo Group Limited
Product-system_updaten/a
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CVE-2022-24773
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-5.3||MEDIUM
EPSS-0.90% / 55.55%
||
7 Day CHG+0.02%
Published-18 Mar, 2022 | 13:30
Updated-23 Apr, 2025 | 18:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Improper Verification of Cryptographic Signature in `node-forge`

Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. Prior to version 1.3.0, RSA PKCS#1 v1.5 signature verification code does not properly check `DigestInfo` for a proper ASN.1 structure. This can lead to successful verification with signatures that contain invalid structures but a valid digest. The issue has been addressed in `node-forge` version 1.3.0. There are currently no known workarounds.

Action-Not Available
Vendor-digitalbazaardigitalbazaar
Product-forgeforge
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CVE-2022-24772
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7.5||HIGH
EPSS-1.01% / 59.39%
||
7 Day CHG~0.00%
Published-18 Mar, 2022 | 13:30
Updated-23 Apr, 2025 | 18:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Improper Verification of Cryptographic Signature in `node-forge`

Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. Prior to version 1.3.0, RSA PKCS#1 v1.5 signature verification code does not check for tailing garbage bytes after decoding a `DigestInfo` ASN.1 structure. This can allow padding bytes to be removed and garbage data added to forge a signature when a low public exponent is being used. The issue has been addressed in `node-forge` version 1.3.0. There are currently no known workarounds.

Action-Not Available
Vendor-digitalbazaardigitalbazaar
Product-forgeforge
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
  • Previous
  • 1
  • 2
  • 3
  • Next
Details not found