VYPR
Unrated severity · NVD Advisory · Published May 25, 2026

Improper Certificate Verification in Szafir SDK

CVE-2026-9058

Description

Szafir SDK returns a success status code from the cryptographic digital signature verification process (i.e. /VerifyingTaskItem/Signature/VerificationResult/Result/@code == 0, "Positively verified") even when the trust status of the signer's certificate could not be established (i.e. /VerifyingTaskItem/Signature/VerificationResult/SigningCertificate/@certificateType == "nondetermined"). This causes consuming applications to incorrectly treat the signature as valid despite an unverified certificate chain, enabling authentication bypass and user impersonation.

This issue was fixed in version 463.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Szafir SDK incorrectly reports digital signatures as valid when the signer's certificate trust status is undetermined, enabling authentication bypass and user impersonation.

Vulnerability

Szafir SDK (all versions below 463) contains a flaw in its digital signature verification process. When the trust status of the signer's certificate cannot be established (i.e., /VerifyingTaskItem/Signature/VerificationResult/SigningCertificate/@certificateType equals "nondetermined"), the SDK still returns a success status code (/VerifyingTaskItem/Signature/VerificationResult/Result/@code == 0, "Positively verified") [2]. This violates the expected behavior where a signature should only be considered valid if the certificate chain is fully trusted.
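The condition described above and in the Description, as an added example that is not part of the advisory or of the Szafir SDK: a fail-closed check a consuming application can run over the SDK's verification result, so that Result/@code == 0 is only accepted when SigningCertificate/@certificateType is not "nondetermined". The sample document is constructed from the XPath expressions quoted on this page; the element layout beyond those paths and the "qualified" value are assumptions.

```python
import xml.etree.ElementTree as ET
from dataclasses import dataclass
from typing import Optional
# Constructed sample shaped after the XPath expressions quoted in the advisory;
# the element layout beyond those paths is an assumption, not real SDK output.
VULNERABLE_RESULT = """<VerifyingTaskItem>
  <Signature>
    <VerificationResult>
      <Result code="0">Positively verified</Result>
      <SigningCertificate certificateType="nondetermined"/>
    </VerificationResult>
  </Signature>
</VerifyingTaskItem>"""
# "qualified" is a constructed placeholder for a determined trust status.
TRUSTED_RESULT = VULNERABLE_RESULT.replace("nondetermined", "qualified")

@dataclass
class SignatureAssessment:
    code: Optional[str]
    certificate_type: Optional[str]
    trusted: bool
    reason: str

def assess_signatures(xml_text: str) -> list:
    """Assess every /VerifyingTaskItem/Signature, failing closed: Result/@code == 0
    is not enough on its own, the certificate trust status must also be determined."""
    root = ET.fromstring(xml_text)
    if root.tag != "VerifyingTaskItem":
        raise ValueError(f"unexpected root element {root.tag!r}")
    assessments = []
    for sig in root.findall("Signature"):
        result = sig.find("VerificationResult/Result")
        cert = sig.find("VerificationResult/SigningCertificate")
        code = result.get("code") if result is not None else None
        cert_type = cert.get("certificateType") if cert is not None else None
        if code != "0":
            verdict = (False, "SDK result code is not 0")
        elif cert_type in (None, "", "nondetermined"):
            # The CVE-2026-9058 condition: code 0 with an unestablished chain.
            verdict = (False, "certificate trust status not established")
        else:
            verdict = (True, "code 0 and certificate trust status determined")
        assessments.append(SignatureAssessment(code, cert_type, *verdict))
    return assessments

def all_signatures_trusted(xml_text: str) -> bool:
    """True only if at least one signature was found and every one is trusted."""
    assessments = assess_signatures(xml_text)
    return bool(assessments) and all(a.trusted for a in assessments)
```

This complements, not replaces, upgrading to version 463; the SDK's own result code is still the primary signal and a missing or empty certificateType is treated as untrusted.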

Exploitation

An attacker can craft a digital signature using a certificate whose trust status is undetermined (e.g., a self-signed or expired certificate). The attacker then presents this signature to any application that relies on Szafir SDK for verification. No special network position or authentication is required beyond the ability to supply the malicious signature to the consuming application. The SDK incorrectly reports the signature as positively verified, causing the application to accept it.

Impact

Successful exploitation allows an attacker to bypass authentication mechanisms and impersonate legitimate users. Since the signature is treated as valid despite an unverified certificate chain, the attacker can forge signatures that appear authentic to the application. This leads to unauthorized access to protected resources or actions, potentially compromising the confidentiality, integrity, and availability of the system.

Mitigation

The issue was fixed in Szafir SDK version 463 [2]. Users should upgrade to version 463 or later. No workaround is documented; the only mitigation is to apply the patch. The vulnerability is not listed on CISA's Known Exploited Vulnerabilities (KEV) catalog as of publication.

AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
