oss-sec mailing list archives
Re: Fixing the XML signature HMAC truncation authentication bypass
From: Robert Buchholz <rbu () gentoo org>
Date: Wed, 15 Jul 2009 03:00:58 +0200
On Wednesday 15 July 2009, Robert Buchholz wrote:
Florian Streibelt's analysis of the GnuTLS code indicated that is also vulnerable.
I misread his analysis. That's what happens when I try reading faster than my brain follows. The analysis was for the GnuTLS related code of xmlsec. Apologies. Robert
Attachment:
signature.asc
Description: This is a digitally signed message part.
Current thread:
- Fixing the XML signature HMAC truncation authentication bypass Florian Weimer (Jul 14)
- Re: Fixing the XML signature HMAC truncation authentication bypass Robert Buchholz (Jul 14)
- Re: Fixing the XML signature HMAC truncation authentication bypass Robert Buchholz (Jul 14)
- Re: Fixing the XML signature HMAC truncation authentication bypass Robert Buchholz (Jul 14)
- Re: Fixing the XML signature HMAC truncation authentication bypass Robert Buchholz (Jul 14)