This Week in Security: Java’s Psychic Signatures, AWS Escape, And a Nasty Windows Bug

#hackadaycolumns #news #securityhacks #ecdsa #log4shell #thisweekinsecurity #hackaday
posted by pod_feeder_v2

CVE-2022-21449: Psychic #Signatures in #Java

source: https://neilmadden.blog/2022/04/19/psychic-signatures-in-java/

The long-running BBC sci-fi show Doctor Who has a recurring plot device where the Doctor manages to get out of trouble by showing an identity card which is actually completely blank. Of course, this being Doctor Who, the card is really made out of a special “psychic paper“, which causes the person looking at it to see whatever the Doctor wants them to see: a security pass, a warrant, or whatever.It turns out that some recent releases of Java were vulnerable to a similar kind of trick, in the implementation of widely-used #ECDSA signatures.

#security #fail #software #trust #news #problem #vulnerability #signature