mirror of
https://github.com/0xMarcio/cve.git
synced 2025-05-28 01:04:30 +00:00
930 B
930 B
CVE-2019-9154
Description
Improper Verification of a Cryptographic Signature in OpenPGP.js <=4.1.2 allows an attacker to pass off unsigned data as signed.
POC
Reference
- http://packetstormsecurity.com/files/154191/OpenPGP.js-4.2.0-Signature-Bypass-Invalid-Curve-Attack.html
- http://packetstormsecurity.com/files/154191/OpenPGP.js-4.2.0-Signature-Bypass-Invalid-Curve-Attack.html
- https://sec-consult.com/en/blog/advisories/multiple-vulnerabilities-in-openpgp-js/
- https://sec-consult.com/en/blog/advisories/multiple-vulnerabilities-in-openpgp-js/
Github
No PoCs found on GitHub currently.