VYPR

CWE-347

Improper Verification of Cryptographic Signature

Base · Draft

Description

The product does not verify, or incorrectly verifies, the cryptographic signature for data.

Hierarchy (View 1000)

Parents

Children

none

Related attack patterns (CAPEC)

CAPEC-463 · CAPEC-475

CVEs mapped to this weakness (357)

page 8 of 18
  • CVE-2022-47549 · Med · Dec 19, 2022
    risk 0.42 · cvss 6.4 · epss 0.00

    An unprotected memory-access operation in optee_os in TrustedFirmware Open Portable Trusted Execution Environment (OP-TEE) before 3.20 allows a physically proximate adversary to bypass signature verification and install malicious trusted applications via electromagnetic fault…

  • CVE-2018-15836 · Hig · Sep 26, 2018
    risk 0.42 · cvss 7.5 · epss 0.01

    In verify_signed_hash() in lib/liboswkeys/signatures.c in Openswan before 2.6.50.1, the RSA implementation does not verify the value of padding string during PKCS#1 v1.5 signature verification. Consequently, a remote attacker can forge signatures when small public exponents are…

  • CVE-2018-5387 · Hig · Jul 24, 2018
    risk 0.42 · cvss 7.5 · epss 0.02

    Wizkunde SAMLBase may incorrectly utilize the results of XML DOM traversal and canonicalization APIs in such a way that an attacker may be able to manipulate the SAML data without invalidating the cryptographic signature, allowing the attack to potentially bypass authentication…

  • CVE-2016-1000342 · Hig · Jun 4, 2018
    risk 0.42 · cvss 7.5 · epss 0.02

    In the Bouncy Castle JCE Provider version 1.55 and earlier ECDSA does not fully validate ASN.1 encoding of signature on verification. It is possible to inject extra elements in the sequence making up the signature and still have it validate, which in some cases may allow the…

  • CVE-2016-1000338 · Hig · Jun 1, 2018
    risk 0.42 · cvss 7.5 · epss 0.02

    In Bouncy Castle JCE Provider version 1.55 and earlier the DSA does not fully validate ASN.1 encoding of signature on verification. It is possible to inject extra elements in the sequence making up the signature and still have it validate, which in some cases may allow the…

  • CVE-2018-0489 · Med · Feb 27, 2018
    risk 0.42 · cvss 6.5 · epss 0.02

    Shibboleth XMLTooling-C before 1.6.4, as used in Shibboleth Service Provider before 2.6.1.4 on Windows and other products, mishandles digital signatures of user data, which allows remote attackers to obtain sensitive information or conduct impersonation attacks via crafted XML…

  • CVE-2018-0486 · Med · Jan 13, 2018
    risk 0.42 · cvss 6.5 · epss 0.02

    Shibboleth XMLTooling-C before 1.6.3, as used in Shibboleth Service Provider before 2.6.0 on Windows and other products, mishandles digital signatures of user attribute data, which allows remote attackers to obtain sensitive information or conduct impersonation attacks via a…

  • CVE-2017-1000452 · Hig · Jan 2, 2018
    risk 0.42 · cvss 7.5 · epss 0.01

    An XML Signature Wrapping vulnerability exists in Samlify 2.2.0 and earlier, and in predecessor Express-saml2 which could allow attackers to impersonate arbitrary users.

  • CVE-2017-5066 · Med · Oct 27, 2017
    risk 0.42 · cvss 6.5 · epss 0.01

    Insufficient consistency checks in signature handling in the networking stack in Google Chrome prior to 58.0.3029.81 for Mac, Windows, and Linux, and 58.0.3029.83 for Android, allowed a remote attacker to incorrectly accept a badly formed X.509 certificate via a crafted HTML…

  • CVE-2017-10669 · Med · Jun 30, 2017
    risk 0.42 · cvss 6.5 · epss 0.00

    Signature Wrapping exists in OSCI-Transport 1.2 as used in OSCI Transport Library 1.6.1 (Java) and OSCI Transport Library 1.6 (.NET). An attacker with access to unencrypted OSCI protocol messages must send crafted protocol messages with duplicate IDs.

  • CVE-2026-48526 · Hig · May 28, 2026
    risk 0.41 · cvss 7.4 · epss 0.00

    PyJWT is a JSON Web Token implementation in Python. Prior to 2.13.0, when the verifier decodes JSON Web Tokens while supporting both asymmetric and HMAC algorithms, the library does not validate the use of JSON Web Keys with HMAC algorithms, allowing an attacker to use the issuer…

  • CVE-2026-45575 · Hig · May 26, 2026
    risk 0.41 · cvss 7.4 · epss 0.00

    epa4all-client is the Java Client for epa4all / ePA 3.0 in the Telematik Infrastruktur. Prior to 1.2.2, an attacker who can MITM the TLS connection between the client and the IDP (within the TI network) can substitute a forged discovery document. The forged document redirects…

  • CVE-2026-4600 · Hig · Mar 23, 2026
    risk 0.41 · cvss 7.4 · epss 0.00

    Versions of the package jsrsasign before 11.1.1 are vulnerable to Improper Verification of Cryptographic Signature via the DSA domain-parameter validation in KJUR.crypto.DSA.setPublic (and the related DSA/X509 verification flow in src/dsa-2.0.js). An attacker can forge DSA…

  • CVE-2024-38807 · Med · Aug 23, 2024
    risk 0.41 · cvss 6.3 · epss 0.00

    Applications that use spring-boot-loader or spring-boot-loader-classic and contain custom code that performs signature verification of nested jar files may be vulnerable to signature forgery where content that appears to have been signed by one signer has, in fact, been signed…

  • CVE-2024-2307 · Med · Mar 19, 2024
    risk 0.40 · cvss 6.1 · epss 0.00

    A flaw was found in osbuild-composer. A condition can be triggered that disables GPG verification for package repositories, which can expose the build phase to a Man-in-the-Middle attack, allowing untrusted code to be installed into an image being built.

  • CVE-2026-42462 · Hig · Jun 10, 2026
    risk 0.39 · cvss 7.0 · epss 0.00

    Fedify is a TypeScript library for building federated server apps powered by ActivityPub. Prior to versions 1.9.11, 1.10.10, 2.0.18, 2.1.14, and 2.2.3, an attacker can make use of JSON-LD features to restructure a JSON-LD document that would change how Fedify interprets it…

  • CVE-2025-20248 · Med · Sep 10, 2025
    risk 0.39 · cvss 6.0 · epss 0.00

    A vulnerability in the installation process of Cisco IOS XR Software could allow an authenticated, local attacker to bypass Cisco IOS XR Software image signature verification and load unsigned software on an affected device. To exploit this vulnerability, the attacker must have…

  • CVE-2025-25305 · Hig · Feb 18, 2025
    risk 0.39 · cvss 7.0 · epss 0.00

    Home Assistant Core is an open source home automation platform that puts local control and privacy first. Affected versions are subject to potential man-in-the-middle attacks due to missing SSL certificate verification in the project codebase and in third-party libraries it uses. In the…

  • CVE-2026-54783 · Hig · Jun 19, 2026
    risk 0.38 · cvss · epss

    Impact: The attacker, with one captured signed SOAP envelope from a victim and no other privileges, can invoke arbitrary operations on the service as the victim principal for the lifetime of the captured signing key. There is no rate limit on replays. The DetectReplays…

  • CVE-2026-54774 · Hig · Jun 19, 2026
    risk 0.38 · cvss · epss

    Impact: When a service is configured to validate SAML tokens using a method other than X.509 certificate signing, the final signature verification is skipped. Preconditions: The service is configured to authenticate using SAML tokens and an out of band token resolver…