Naziv
|
Signature Spoofing by Mixing Signed and Unsigned Content
|
Sažetak
|
An attacker exploits the underlying complexity of a data structure that allows for both signed and unsigned content, to cause unsigned data to be processed as though it were signed data.
|
Preduvjeti
|
Signer and recipient are using complex data storage structures that allow for a mix between signed and unsigned data|Recipient is using signature verification software that does not maintain separation between signed and unsigned data once the signature has been verified.
|
Rješenja
|
Ensure the application is fully patched and does not allow the processing of unsigned data as if it is signed data.
|