CWE-347
AllowedImproper Verification of Cryptographic Signature
Abstraction: Base · Status: Draft
The product does not verify, or incorrectly verifies, the cryptographic signature for data.
1127 vulnerabilities reference this CWE, most recent first.
GHSA-8WMC-QJ7W-W9JV
Vulnerability from github – Published: 2023-08-13 12:30 – Updated: 2024-04-04 06:53Vulnerability of insecure signatures in the ServiceWifiResources module. Successful exploitation of this vulnerability may cause ServiceWifiResources to be maliciously modified and overwritten.
{
"affected": [],
"aliases": [
"CVE-2023-39393"
],
"database_specific": {
"cwe_ids": [
"CWE-200",
"CWE-347"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-08-13T12:15:46Z",
"severity": "HIGH"
},
"details": "Vulnerability of insecure signatures in the ServiceWifiResources module. Successful exploitation of this vulnerability may cause ServiceWifiResources to be maliciously modified and overwritten.",
"id": "GHSA-8wmc-qj7w-w9jv",
"modified": "2024-04-04T06:53:50Z",
"published": "2023-08-13T12:30:19Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-39393"
},
{
"type": "WEB",
"url": "https://consumer.huawei.com/en/support/bulletin/2023/8"
},
{
"type": "WEB",
"url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-202308-0000001667644725"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-8XCP-QVV3-HCCF
Vulnerability from github – Published: 2022-05-24 17:41 – Updated: 2022-07-13 00:01SAP HANA Database, versions - 1.0, 2.0, accepts SAML tokens with MD5 digest, an attacker who manages to obtain an MD5-digest signed SAML Assertion issued for an SAP HANA instance might be able to tamper with it and alter it in a way that the digest continues to be the same and without invalidating the digital signature, this allows them to impersonate as user in HANA database and be able to read the contents in the database.
{
"affected": [],
"aliases": [
"CVE-2021-21474"
],
"database_specific": {
"cwe_ids": [
"CWE-347"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-02-09T21:15:00Z",
"severity": "MODERATE"
},
"details": "SAP HANA Database, versions - 1.0, 2.0, accepts SAML tokens with MD5 digest, an attacker who manages to obtain an MD5-digest signed SAML Assertion issued for an SAP HANA instance might be able to tamper with it and alter it in a way that the digest continues to be the same and without invalidating the digital signature, this allows them to impersonate as user in HANA database and be able to read the contents in the database.",
"id": "GHSA-8xcp-qvv3-hccf",
"modified": "2022-07-13T00:01:07Z",
"published": "2022-05-24T17:41:36Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21474"
},
{
"type": "WEB",
"url": "https://launchpad.support.sap.com/#/notes/2992154"
},
{
"type": "WEB",
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=568460543"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-8XF4-W7QW-PJJW
Vulnerability from github – Published: 2022-03-30 00:00 – Updated: 2023-02-17 14:26In Firebase PHP-JWT before 6.0.0, an algorithm-confusion issue (e.g., RS256 / HS256) exists via the kid (aka Key ID) header, when multiple types of keys are loaded in a key ring. This allows an attacker to forge tokens that validate under the incorrect key. NOTE: this provides a straightforward way to use the PHP-JWT library unsafely, but might not be considered a vulnerability in the library itself.
{
"affected": [
{
"package": {
"ecosystem": "Packagist",
"name": "firebase/php-jwt"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "6.0.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2021-46743"
],
"database_specific": {
"cwe_ids": [
"CWE-347",
"CWE-843"
],
"github_reviewed": true,
"github_reviewed_at": "2023-02-17T14:26:38Z",
"nvd_published_at": "2022-03-29T07:15:00Z",
"severity": "CRITICAL"
},
"details": "In Firebase PHP-JWT before 6.0.0, an algorithm-confusion issue (e.g., RS256 / HS256) exists via the kid (aka Key ID) header, when multiple types of keys are loaded in a key ring. This allows an attacker to forge tokens that validate under the incorrect key. NOTE: this provides a straightforward way to use the PHP-JWT library unsafely, but might not be considered a vulnerability in the library itself.",
"id": "GHSA-8xf4-w7qw-pjjw",
"modified": "2023-02-17T14:26:38Z",
"published": "2022-03-30T00:00:27Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-46743"
},
{
"type": "WEB",
"url": "https://github.com/firebase/php-jwt/issues/351"
},
{
"type": "WEB",
"url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/firebase/php-jwt/CVE-2021-46743.yaml"
},
{
"type": "PACKAGE",
"url": "https://github.com/firebase/php-jwt"
},
{
"type": "WEB",
"url": "https://github.com/firebase/php-jwt/releases/tag/v6.0.0"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"type": "CVSS_V3"
}
],
"summary": "Firebase PHP-JWT key/algorithm type confusion"
}
GHSA-8XJ4-3GR5-XW39
Vulnerability from github – Published: 2025-07-08 12:31 – Updated: 2025-07-08 12:31Improper verification of intent by broadcast receiver in System UI for Galaxy Watch prior to SMR Jul-2025 Release 1 allows local attackers to power off the device.
{
"affected": [],
"aliases": [
"CVE-2025-21004"
],
"database_specific": {
"cwe_ids": [
"CWE-347"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-07-08T11:15:25Z",
"severity": "MODERATE"
},
"details": "Improper verification of intent by broadcast receiver in System UI for Galaxy Watch prior to SMR Jul-2025 Release 1 allows local attackers to power off the device.",
"id": "GHSA-8xj4-3gr5-xw39",
"modified": "2025-07-08T12:31:02Z",
"published": "2025-07-08T12:31:02Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-21004"
},
{
"type": "WEB",
"url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2025\u0026month=07"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-923W-2XV2-7PR8
Vulnerability from github – Published: 2022-05-13 01:53 – Updated: 2024-04-25 21:00The XmlSecLibs library as used in the saml2 library in SimpleSAMLphp before 1.15.3 incorrectly verifies signatures on SAML assertions, allowing a remote attacker to construct a crafted SAML assertion on behalf of an Identity Provider that would pass as cryptographically valid, thereby allowing them to impersonate a user from that Identity Provider, aka a key confusion issue.
{
"affected": [
{
"package": {
"ecosystem": "Packagist",
"name": "simplesamlphp/saml2"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.10.5"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Packagist",
"name": "simplesamlphp/saml2"
},
"ranges": [
{
"events": [
{
"introduced": "2.0"
},
{
"fixed": "2.3.7"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Packagist",
"name": "simplesamlphp/saml2"
},
"ranges": [
{
"events": [
{
"introduced": "3.0"
},
{
"fixed": "3.1.3"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2018-7644"
],
"database_specific": {
"cwe_ids": [
"CWE-347"
],
"github_reviewed": true,
"github_reviewed_at": "2024-04-25T21:00:32Z",
"nvd_published_at": "2018-03-05T14:29:00Z",
"severity": "HIGH"
},
"details": "The XmlSecLibs library as used in the saml2 library in SimpleSAMLphp before 1.15.3 incorrectly verifies signatures on SAML assertions, allowing a remote attacker to construct a crafted SAML assertion on behalf of an Identity Provider that would pass as cryptographically valid, thereby allowing them to impersonate a user from that Identity Provider, aka a key confusion issue.",
"id": "GHSA-923w-2xv2-7pr8",
"modified": "2024-04-25T21:00:33Z",
"published": "2022-05-13T01:53:23Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-7644"
},
{
"type": "WEB",
"url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/simplesamlphp/saml2/CVE-2018-7644.yaml"
},
{
"type": "PACKAGE",
"url": "https://github.com/simplesamlphp/simplesamlphp"
},
{
"type": "WEB",
"url": "https://simplesamlphp.org/security/201802-01"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
}
],
"summary": "SimpleSAMLphp Improper Verification of Cryptographic Signature"
}
GHSA-929H-MG2V-7C23
Vulnerability from github – Published: 2022-05-24 19:18 – Updated: 2022-05-24 19:18There is a signature management vulnerability in some huawei products. An attacker can forge signature and bypass the signature check. During firmware update process, successful exploit this vulnerability can cause the forged system file overwrite the correct system file. Affected product versions include:iManager NetEco V600R010C00CP2001,V600R010C00CP2002,V600R010C00SPC100,V600R010C00SPC110,V600R010C00SPC120,V600R010C00SPC200,V600R010C00SPC210,V600R010C00SPC300;iManager NetEco 6000 V600R009C00SPC100,V600R009C00SPC110,V600R009C00SPC120,V600R009C00SPC190,V600R009C00SPC200,V600R009C00SPC201,V600R009C00SPC202,V600R009C00SPC210.
{
"affected": [],
"aliases": [
"CVE-2021-37127"
],
"database_specific": {
"cwe_ids": [
"CWE-347"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-10-27T01:15:00Z",
"severity": "HIGH"
},
"details": "There is a signature management vulnerability in some huawei products. An attacker can forge signature and bypass the signature check. During firmware update process, successful exploit this vulnerability can cause the forged system file overwrite the correct system file. Affected product versions include:iManager NetEco V600R010C00CP2001,V600R010C00CP2002,V600R010C00SPC100,V600R010C00SPC110,V600R010C00SPC120,V600R010C00SPC200,V600R010C00SPC210,V600R010C00SPC300;iManager NetEco 6000 V600R009C00SPC100,V600R009C00SPC110,V600R009C00SPC120,V600R009C00SPC190,V600R009C00SPC200,V600R009C00SPC201,V600R009C00SPC202,V600R009C00SPC210.",
"id": "GHSA-929h-mg2v-7c23",
"modified": "2022-05-24T19:18:58Z",
"published": "2022-05-24T19:18:58Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-37127"
},
{
"type": "WEB",
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20211020-01-signature-en"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-92HG-JJMR-6GV2
Vulnerability from github – Published: 2022-05-24 17:34 – Updated: 2022-05-24 17:34A wrong generation of the passphrase for the encrypted block in Nextcloud Server 19.0.1 allowed an attacker to overwrite blocks in a file.
{
"affected": [],
"aliases": [
"CVE-2020-8133"
],
"database_specific": {
"cwe_ids": [
"CWE-347"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2020-11-09T15:15:00Z",
"severity": "MODERATE"
},
"details": "A wrong generation of the passphrase for the encrypted block in Nextcloud Server 19.0.1 allowed an attacker to overwrite blocks in a file.",
"id": "GHSA-92hg-jjmr-6gv2",
"modified": "2022-05-24T17:34:09Z",
"published": "2022-05-24T17:34:09Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8133"
},
{
"type": "WEB",
"url": "https://hackerone.com/reports/661051"
},
{
"type": "WEB",
"url": "https://hackerone.com/reports/661051,"
},
{
"type": "WEB",
"url": "https://nextcloud.com/security/advisory/?id=NC-SA-2020-038"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-92VM-MXJF-JQF3
Vulnerability from github – Published: 2021-11-10 20:41 – Updated: 2024-10-25 14:49The verify function in the Stark Bank Python ECDSA library (starkbank-ecdsa) 2.0.0 fails to check that the signature is non-zero, which allows attackers to forge signatures on arbitrary messages.
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "starkbank-ecdsa"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.0.1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2021-43572"
],
"database_specific": {
"cwe_ids": [
"CWE-347"
],
"github_reviewed": true,
"github_reviewed_at": "2021-11-10T18:23:18Z",
"nvd_published_at": "2021-11-09T22:15:00Z",
"severity": "CRITICAL"
},
"details": "The `verify` function in the Stark Bank Python ECDSA library (starkbank-ecdsa) 2.0.0 fails to check that the signature is non-zero, which allows attackers to forge signatures on arbitrary messages.",
"id": "GHSA-92vm-mxjf-jqf3",
"modified": "2024-10-25T14:49:40Z",
"published": "2021-11-10T20:41:39Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-43572"
},
{
"type": "WEB",
"url": "https://github.com/starkbank/ecdsa-python/commit/d136170666e9510eb63c2572551805807bd4c17f"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/starkbank-ecdsa/PYSEC-2021-426.yaml"
},
{
"type": "PACKAGE",
"url": "https://github.com/starkbank/ecdsa-python"
},
{
"type": "WEB",
"url": "https://github.com/starkbank/ecdsa-python/releases/tag/v2.0.1"
},
{
"type": "WEB",
"url": "https://research.nccgroup.com/2021/11/08/technical-advisory-arbitrary-signature-forgery-in-stark-bank-ecdsa-libraries"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "Improper Verification of Cryptographic Signature in starkbank-ecdsa"
}
GHSA-93PJ-2PMF-2X7P
Vulnerability from github – Published: 2026-07-03 00:31 – Updated: 2026-07-03 00:31Libreswan, via the function RSA_authenticate_hash_signature_raw_rsa(), did not correctly verify the length of the authentication hash when the SIG payload of an IKEv1 packet was encoded using PKCS #1 RSA Encryption as per RFC 2313. A remote attacker can use a variation on the Bleichenbacher attack to forge the SIG payload when small public exponents are being used (e.g., e=3), which could lead to impersonation. Additionally, a remote attacker, by encoding a shorter than expected hash in the SIG payload, could trigger an assertion leading to denial-of-service. The daemon aborts and restarts; continued exploitation causes sustained denial of service. Remote code execution is not possible. X.509 certificate verifications of remote IKE peers are not affected.
{
"affected": [],
"aliases": [
"CVE-2026-50721"
],
"database_specific": {
"cwe_ids": [
"CWE-347"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-07-02T22:16:43Z",
"severity": "HIGH"
},
"details": "Libreswan, via the function RSA_authenticate_hash_signature_raw_rsa(), did not correctly verify the length of the authentication hash when the SIG payload of an IKEv1 packet was encoded using PKCS #1 RSA Encryption as per RFC 2313. A remote attacker can use a variation on the Bleichenbacher attack to forge the SIG payload when small public exponents are being used (e.g., e=3), which could lead to impersonation. Additionally, a remote attacker, by encoding a shorter than expected hash in the SIG payload, could trigger an assertion leading to denial-of-service. The daemon aborts and restarts; continued exploitation causes sustained denial of service. Remote code execution is not possible. X.509 certificate verifications of remote IKE peers are not affected.",
"id": "GHSA-93pj-2pmf-2x7p",
"modified": "2026-07-03T00:31:52Z",
"published": "2026-07-03T00:31:52Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-50721"
},
{
"type": "WEB",
"url": "https://libreswan.org/security/CVE-2026-50721"
},
{
"type": "WEB",
"url": "https://libreswan.org/security/CVE-2026-50721/CVE-2026-50721.txt"
},
{
"type": "WEB",
"url": "https://libreswan.org/security/CVE-2026-50722/CVE-2026-50722.txt"
},
{
"type": "WEB",
"url": "https://www.rfc-editor.org/rfc/rfc2313"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-93W9-PXQ6-2VJJ
Vulnerability from github – Published: 2022-05-24 16:45 – Updated: 2023-03-24 18:30A vulnerability in the Image Signature Verification feature of Cisco NX-OS Software could allow an authenticated, local attacker with administrator-level credentials to install a malicious software patch on an affected device. The vulnerability is due to improper verification of digital signatures for patch images. An attacker could exploit this vulnerability by loading an unsigned software patch on an affected device. A successful exploit could allow the attacker to boot a malicious software patch image.
{
"affected": [],
"aliases": [
"CVE-2019-1808"
],
"database_specific": {
"cwe_ids": [
"CWE-347"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-05-15T23:29:00Z",
"severity": "MODERATE"
},
"details": "A vulnerability in the Image Signature Verification feature of Cisco NX-OS Software could allow an authenticated, local attacker with administrator-level credentials to install a malicious software patch on an affected device. The vulnerability is due to improper verification of digital signatures for patch images. An attacker could exploit this vulnerability by loading an unsigned software patch on an affected device. A successful exploit could allow the attacker to boot a malicious software patch image.",
"id": "GHSA-93w9-pxq6-2vjj",
"modified": "2023-03-24T18:30:22Z",
"published": "2022-05-24T16:45:55Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-1808"
},
{
"type": "WEB",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-nxos-spsv"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/108367"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
}
]
}
No mitigation information available for this CWE.
CAPEC-463: Padding Oracle Crypto Attack
An adversary is able to efficiently decrypt data without knowing the decryption key if a target system leaks data on whether or not a padding error happened while decrypting the ciphertext. A target system that leaks this type of information becomes the padding oracle and an adversary is able to make use of that oracle to efficiently decrypt data without knowing the decryption key by issuing on average 128*b calls to the padding oracle (where b is the number of bytes in the ciphertext block). In addition to performing decryption, an adversary is also able to produce valid ciphertexts (i.e., perform encryption) by using the padding oracle, all without knowing the encryption key.
CAPEC-475: Signature Spoofing by Improper Validation
An adversary exploits a cryptographic weakness in the signature verification algorithm implementation to generate a valid signature without knowing the key.