Vulnerability & Exploit Database

JRE XML Authentication Bypass

Severity: 5
CVSS: (AV:N/AC:L/Au:N/C:N/I:P/A:N)
Published: July 14, 2009
Added: November 18, 2009
Modified: September 13, 2018

Description

The design of the W3C XML Signature Syntax and Processing (XMLDsig) recommendation, as implemented in the Sun JDK and JRE 6 Update 14 and earlier, uses a parameter that defines an HMAC truncation length (HMACOutputLength) but does not require a minimum for this length. This allows attackers to spoof HMAC-based signatures and bypass authentication by specifying a truncation length with a small number of bits.
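
The missing check described above, sketched as an added example (not code from this page or from the JDK): a verifier that reads HMACOutputLength from a SignatureMethod element and refuses to compare anything until the length passes a minimum. The floor of 80 bits or half the hash output, whichever is larger, is the rule from the later W3C erratum to XMLDSig and is not stated on this page; the function names, key and sample elements are constructed for illustration.

```python
import hashlib
import hmac
import xml.etree.ElementTree as ET

DS = "http://www.w3.org/2000/09/xmldsig#"
# Algorithm URI -> hashlib name (only the two needed for this example).
HMAC_ALGS = {
    DS + "hmac-sha1": "sha1",
    "http://www.w3.org/2001/04/xmldsig-more#hmac-sha256": "sha256",
}

def allowed_output_bits(signature_method_xml):
    """Return (digest_name, bits) for a SignatureMethod, or raise ValueError."""
    elem = ET.fromstring(signature_method_xml)
    digest = HMAC_ALGS.get(elem.get("Algorithm"))
    if digest is None:
        raise ValueError("unsupported or missing HMAC algorithm")
    full = hashlib.new(digest).digest_size * 8
    node = elem.find(f"{{{DS}}}HMACOutputLength")
    if node is None:
        return digest, full                  # no truncation requested
    text = (node.text or "").strip()
    if not (text.isascii() and text.isdigit()):
        raise ValueError("HMACOutputLength is not a non-negative integer")
    bits = int(text)
    floor = max(80, full // 2)               # assumed policy, see lead-in
    # Byte-aligned lengths only: a simplification made by this example.
    if bits % 8 or not floor <= bits <= full:
        raise ValueError(f"HMACOutputLength {bits} outside {floor}..{full}")
    return digest, bits

def verify_hmac(key, signed_bytes, signature_value, signature_method_xml):
    """Check a (possibly truncated) HMAC only after the length passes policy."""
    digest, bits = allowed_output_bits(signature_method_xml)
    expected = hmac.new(key, signed_bytes, digest).digest()[: bits // 8]
    return hmac.compare_digest(expected, signature_value)

def method(alg, bits=None):
    """Build a constructed SignatureMethod element for the demo below."""
    inner = "" if bits is None else f"<HMACOutputLength>{bits}</HMACOutputLength>"
    return f'<SignatureMethod xmlns="{DS}" Algorithm="{alg}">{inner}</SignatureMethod>'

if __name__ == "__main__":
    key, data = b"constructed-demo-key", b"<SignedInfo>constructed</SignedInfo>"
    tag = hmac.new(key, data, "sha1").digest()
    print(verify_hmac(key, data, tag[:10], method(DS + "hmac-sha1", 80)))
    try:
        verify_hmac(key, data, tag[:1], method(DS + "hmac-sha1", 8))
    except ValueError as exc:
        print("rejected:", exc)
```

Without the floor, a signature truncated to N bits is matched by a random guess with probability 2^-N, which is why a small attacker-chosen HMACOutputLength defeats the authentication.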

Solution

jre-upgrade-latest