Back to search
CVE-2020-13101
Published: Aug 24, 2020
Modified: Aug 4, 2024
PUBLISHED
Description
In OASIS Digital Signature Services (DSS) 1.0, an attacker can control the validation outcome (i.e., trigger either a valid or invalid outcome for a valid or invalid signature) via a crafted XML signature, when the InlineXML option is used. This defeats the expectation of non-repudiation.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
https://www.oasis-open.org/standards#dssv1.0
x_refsource_MISC
https://www.oasis-open.org/committees/tc_home.php?wg_abbrev=dss-x
x_refsource_CONFIRM
https://www.oasis-open.org/apps/org/workgroup/dss-x/
x_refsource_MISC
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now