CVE-2022-21449: Psychic #Signatures in #Java

source: https://neilmadden.blog/2022/04/19/psychic-signatures-in-java/

The long-running BBC sci-fi show Doctor Who has a recurring plot device where the Doctor manages to get out of trouble by showing an identity card which is actually completely blank. Of course, this being Doctor Who, the card is really made out of a special “psychic paper”, which causes the person looking at it to see whatever the Doctor wants them to see: a security pass, a warrant, or whatever. It turns out that some recent releases of Java were vulnerable to a similar kind of trick, in the implementation of widely-used #ECDSA signatures.

#security #fail #software #trust #news #problem #vulnerability #signature
