oss-sec mailing list archives
Fixing the XML signature HMAC truncation authentication bypass
From: Florian Weimer <fw () deneb enyo de>
Date: Tue, 14 Jul 2009 22:00:18 +0200
Quoting from <http://www.kb.cert.org/vuls/id/466161>:

| XML Signature Syntax and Processing (XMLDsig) is a W3C
| recommendation for providing integrity, message authentication,
| and/or signer authentication services for data. XMLDsig is commonly
| used by web services such as SOAP. The XMLDsig recommendation
| includes support for HMAC truncation, as specified in RFC2014. When
| HMAC truncation is under the control of an attacker, however, this
| can result in an effective authentication bypass. For example, by
| specifying an HMACOutputLength of 1, only one bit of the signature
| is verified. This can allow an attacker to forge an XML signature
| that will be accepted as valid.

What shall we do about this? Shall we just cap the value at 80 or 96 bits in our implementations?
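The bypass and the cap Florian asks about, as an added worked example (not code from the post, CERT, or any XMLDsig implementation). It models XMLDsig's HMAC-SHA1 with a truncated tag: an attacker-supplied HMACOutputLength of 1 lets a forger hit a "valid" tag in at most two guesses against the naive verifier, while the hardened verifier refuses any truncation below the floor RFC 2104 recommends (at least half the digest length and at least 80 bits). The key, message, and SignatureMethod snippet are constructed; the function names are hypothetical.

```python
import hashlib
import hmac
import xml.etree.ElementTree as ET

DS = "http://www.w3.org/2000/09/xmldsig#"
HASH = "sha1"  # XMLDsig's mandatory HMAC-SHA1

# Constructed shared secret and signed data; not real material.
KEY = bytes.fromhex("000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f")
MSG = b"<SignedInfo>constructed canonical SignedInfo</SignedInfo>"

# Constructed SignatureMethod element that asks for a 1-bit tag.
SIG_METHOD_XML = (
    '<SignatureMethod xmlns="http://www.w3.org/2000/09/xmldsig#" '
    'Algorithm="http://www.w3.org/2000/09/xmldsig#hmac-sha1">'
    '<HMACOutputLength>1</HMACOutputLength></SignatureMethod>'
)


def output_length_from_xml(xml_text, hash_name=HASH):
    """Read HMACOutputLength from a SignatureMethod element; absent means full tag."""
    el = ET.fromstring(xml_text)
    node = el.find("{%s}HMACOutputLength" % DS)
    if node is None:
        return hashlib.new(hash_name).digest_size * 8
    return int(node.text.strip())


def truncated_hmac(key, data, output_length_bits, hash_name=HASH):
    """Left-most output_length_bits of the HMAC, as XMLDsig truncation works."""
    mac = hmac.new(key, data, hash_name).digest()
    nbytes = (output_length_bits + 7) // 8
    tag = bytearray(mac[:nbytes])
    rem = output_length_bits % 8
    if rem:
        tag[-1] &= (0xFF << (8 - rem)) & 0xFF  # clear the unused low bits
    return bytes(tag)


def verify_naive(key, data, tag, output_length_bits, hash_name=HASH):
    """Vulnerable: honours whatever HMACOutputLength the signature carries."""
    return hmac.compare_digest(truncated_hmac(key, data, output_length_bits, hash_name), tag)


def min_output_length(hash_name=HASH):
    """RFC 2104 floor: at least half the digest length and at least 80 bits."""
    return max(80, hashlib.new(hash_name).digest_size * 4)


def verify_hardened(key, data, tag, output_length_bits, hash_name=HASH):
    """Reject truncation below the floor (or above the digest) before comparing."""
    digest_bits = hashlib.new(hash_name).digest_size * 8
    if not min_output_length(hash_name) <= output_length_bits <= digest_bits:
        return False
    if len(tag) != (output_length_bits + 7) // 8:
        return False
    return hmac.compare_digest(truncated_hmac(key, data, output_length_bits, hash_name), tag)


def forge(output_length_bits, oracle, max_tries=1 << 16):
    """Brute-force a tag against a verification oracle without knowing the key."""
    nbytes = (output_length_bits + 7) // 8
    shift = nbytes * 8 - output_length_bits
    for guess in range(min(1 << output_length_bits, max_tries)):
        tag = (guess << shift).to_bytes(nbytes, "big")
        if oracle(tag):
            return tag
    return None


if __name__ == "__main__":
    bits = output_length_from_xml(SIG_METHOD_XML)
    forged = forge(bits, lambda t: verify_naive(KEY, MSG, t, bits))
    print("naive verifier accepts forged tag:", forged is not None)
    print("hardened verifier accepts it:", verify_hardened(KEY, MSG, forged, bits))
```

The hardened check keeps the length decision out of the attacker's hands: it derives the floor from the digest, enforces it before any comparison, and still compares in constant time. A 1-bit, 8-bit, or 32-bit HMACOutputLength is refused outright rather than verified "successfully".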
Current thread:
- Fixing the XML signature HMAC truncation authentication bypass Florian Weimer (Jul 14)
- Re: Fixing the XML signature HMAC truncation authentication bypass Robert Buchholz (Jul 14)
- Re: Fixing the XML signature HMAC truncation authentication bypass Robert Buchholz (Jul 14)
- Re: Fixing the XML signature HMAC truncation authentication bypass Robert Buchholz (Jul 14)
- Re: Fixing the XML signature HMAC truncation authentication bypass Robert Buchholz (Jul 14)