Carbon 1.5.1 : Security Hot fix for XML signature HMAC truncation authentication bypass

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Carbon 1.5.1 : Security Hot fix for XML signature HMAC truncation authentication bypass

Prabath Siriwardena

The XML Signature specification allows for HMAC truncation, which may
allow a remote attacker to bypass authentication.

This issue was disclosed to public few minutes before [1].

If you are a Carbon 1.5.1 base product user please apply the security
fix available at [2].

Also please note that this issue is *NOT* present in Carbon 2.0.0 base
releases done recently.

Thanks & regards.
-Prabath

[1]: http://www.kb.cert.org/vuls/id/466161
[2]:http://dist.wso2.org/products/carbon/1.5.1/service_pack/WSO2-CARBON-1.5.1-SERVICE-PACK-1.zip
[3]:https://www.wso2.org/downloads/carbon/security_hot_fix



_______________________________________________
Wsas-java-user mailing list
[hidden email]
https://wso2.org/cgi-bin/mailman/listinfo/wsas-java-user
Loading...