CAPEC-477 - CERT CVE
Name

Signature Spoofing by Mixing Signed and Unsigned Content

Summary

An attacker exploits the underlying complexity of a data structure that allows for both signed and unsigned content to cause unsigned data to be processed as though it were signed data.

Prerequisites

Signer and recipient are using complex data storage structures that allow for a mix between signed and unsigned data.
Recipient is using signature verification software that does not maintain separation between signed and unsigned data once the signature has been verified.

Solutions

Ensure the application is fully patched and does not allow the processing of unsigned data as if it were signed data.
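
The second prerequisite, loss of separation after verification, is shown below as an added example that is not part of the CAPEC entry. The envelope layout (`signed`, `sig`, `unsigned`), the function names and the key are assumptions made for illustration, and HMAC-SHA256 stands in for a real digital signature.

```python
import hashlib
import hmac
import json

KEY = b"constructed-demo-key"  # constructed; HMAC stands in for a real signature


def sign(fields: dict) -> dict:
    """Build an envelope whose 'signed' bytes are covered by 'sig'."""
    body = json.dumps(fields, sort_keys=True)
    tag = hmac.new(KEY, body.encode(), hashlib.sha256).hexdigest()
    return {"signed": body, "sig": tag, "unsigned": {}}


def _check(envelope: dict) -> bytes:
    """Verify the tag and return exactly the bytes it covers."""
    body = envelope["signed"].encode()
    expected = hmac.new(KEY, body, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, envelope.get("sig", "")):
        raise ValueError("bad signature")
    return body


def load_mixed(envelope: dict) -> dict:
    """Weak: after verification, signed and unsigned fields share one dict."""
    fields = json.loads(_check(envelope))
    fields.update(envelope.get("unsigned", {}))  # separation lost here
    return fields


def load_separated(envelope: dict) -> tuple[dict, dict]:
    """Hardened: trusted fields come only from the verified bytes."""
    trusted = json.loads(_check(envelope))
    untrusted = dict(envelope.get("unsigned", {}))
    return trusted, untrusted


# Constructed sample: valid signature, plus an unsigned field added afterwards.
SAMPLE = sign({"user": "alice", "role": "viewer"})
SAMPLE["unsigned"] = {"role": "admin", "note": "added after signing"}
```

With `SAMPLE`, the signature check passes in both loaders, but only `load_mixed` lets the unsigned `role` value reach code that treats the result as verified.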