Message Signature Bypass in openpgp
High severity · GitHub Reviewed
Published Aug 23, 2019 to the GitHub Advisory Database · Updated Jan 9, 2023
Versions of openpgp prior to 4.2.0 are vulnerable to Message Signature Bypass. The package fails to verify that a message signature is of type text. This allows an attacker to construct a message with a signature type that only verifies subpackets without additional input (such as standalone or timestamp). For example, an attacker that captures a standalone signature packet from a victim can construct arbitrary signed messages that would be verified correctly.
Recommendation
Upgrade to version 4.2.0 or later.
If you are upgrading from a version <4.0.0 it is highly recommended to read the High-Level API Changes section of the openpgp 4.0.0 release: https://github.com/openpgpjs/openpgpjs/releases/tag/v4.0.0
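The check the advisory describes, as an added illustration that is not openpgpjs code: parse the fixed header of an OpenPGP v4 signature packet (RFC 4880, section 5.2.3), build the bytes the signature hash would cover (section 5.2.4), and refuse to use a signature for message verification unless its type is binary (0x00) or canonical text (0x01). The sample packets are constructed, carry only a creation-time subpacket, and omit the MPIs because only the header is inspected; text data is assumed to be already canonicalized.

```python
"""Reject OpenPGP signatures whose type does not cover message data.

Added defensive example, not openpgpjs code.  Only the v4 signature header
is parsed; no cryptographic verification is performed.
"""
import struct
from typing import Tuple

# Signature types from RFC 4880, section 5.2.1
SIG_BINARY = 0x00      # signature of a binary document
SIG_TEXT = 0x01        # signature of a canonical text document
SIG_STANDALONE = 0x02  # signature of only its own subpacket contents
SIG_TIMESTAMP = 0x40   # timestamp signature: also covers no document data

# Only these two types are computed over message data, so only these two
# may be accepted as a signature *of a message*.
DOCUMENT_SIG_TYPES = frozenset({SIG_BINARY, SIG_TEXT})


def parse_v4_signature_header(body: bytes) -> dict:
    """Parse version, type, algorithms and the hashed subpacket area of a
    v4 signature packet body (packet tag and length already stripped)."""
    if len(body) < 6:
        raise ValueError("signature packet too short")
    version, sig_type, pk_alg, hash_alg = body[0], body[1], body[2], body[3]
    if version != 4:
        raise ValueError("only v4 signature packets are handled here")
    (hashed_len,) = struct.unpack(">H", body[4:6])
    hashed_area = body[6:6 + hashed_len]
    if len(hashed_area) != hashed_len:
        raise ValueError("truncated hashed subpacket area")
    return {
        "version": version,
        "sig_type": sig_type,
        "pubkey_alg": pk_alg,
        "hash_alg": hash_alg,
        "hashed_area": hashed_area,
    }


def signature_hash_input(sig_type: int, hashed_area: bytes, pk_alg: int,
                         hash_alg: int, data: bytes) -> bytes:
    """Return the bytes the signature hash covers (RFC 4880, section 5.2.4).

    Document signatures hash the message followed by the signature trailer;
    standalone and timestamp signatures hash the trailer alone.  That is why a
    captured standalone signature verifies against any message when the
    signature type is never checked: the message bytes are not hashed at all.
    """
    trailer = (bytes([4, sig_type, pk_alg, hash_alg])
               + struct.pack(">H", len(hashed_area)) + hashed_area)
    # v4 trailer: 0x04 0xFF followed by the big-endian length of the bytes above
    trailer += b"\x04\xff" + struct.pack(">I", len(trailer))
    if sig_type in DOCUMENT_SIG_TYPES:
        return data + trailer
    if sig_type in (SIG_STANDALONE, SIG_TIMESTAMP):
        return trailer
    raise ValueError(f"signature type 0x{sig_type:02x} is not a message signature")


def accept_for_message_verification(body: bytes) -> Tuple[bool, str]:
    """The fix the advisory implies: before any cryptographic check, reject a
    signature whose type does not sign message data."""
    hdr = parse_v4_signature_header(body)
    if hdr["sig_type"] not in DOCUMENT_SIG_TYPES:
        return False, f"signature type 0x{hdr['sig_type']:02x} does not sign message data"
    return True, "binary or text signature"


def sample_body(sig_type: int) -> bytes:
    """Constructed v4 signature body: EdDSA (22), SHA-256 (8), one hashed
    creation-time subpacket (type 2), no unhashed subpackets, no MPIs."""
    creation_time = b"\x05\x02" + struct.pack(">I", 1566518400)
    return (bytes([4, sig_type, 22, 8])
            + struct.pack(">H", len(creation_time)) + creation_time
            + b"\x00\x00"      # unhashed subpacket area length
            + b"\x12\x34")     # left 16 bits of the hash (placeholder)


if __name__ == "__main__":
    for t in (SIG_BINARY, SIG_TEXT, SIG_STANDALONE, SIG_TIMESTAMP):
        print(f"type 0x{t:02x}:", accept_for_message_verification(sample_body(t)))
```

The policy check runs before the signature is hashed or verified, so a standalone or timestamp signature captured from a victim is rejected on type alone rather than being accepted because its subpacket-only hash happens to verify.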