You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
{{ message }}
Message Signature Bypass in openpgp
High severity
GitHub Reviewed
Published
Aug 23, 2019
to the GitHub Advisory Database
•
Updated Jan 9, 2023
Versions of openpgp prior to 4.2.0 are vulnerable to Message Signature Bypass. The package fails to verify that a message signature is of type text. This allows an attacker to to construct a message with a signature type that only verifies subpackets without additional input (such as standalone or timestamp). For example, an attacker that captures a standalone signature packet from a victim can construct arbitrary signed messages that would be verified correctly.
Versions of
openpgp
prior to 4.2.0 are vulnerable to Message Signature Bypass. The package fails to verify that a message signature is of typetext
. This allows an attacker to to construct a message with a signature type that only verifies subpackets without additional input (such asstandalone
ortimestamp
). For example, an attacker that captures astandalone
signature packet from a victim can construct arbitrary signed messages that would be verified correctly.Recommendation
Upgrade to version 4.2.0 or later.
If you are upgrading from a version <4.0.0 it is highly recommended to read the
High-Level API Changes
section of theopenpgp
4.0.0 release: https://github.com/openpgpjs/openpgpjs/releases/tag/v4.0.0References