CWE-347
AllowedImproper Verification of Cryptographic Signature
Abstraction: Base · Status: Draft
The product does not verify, or incorrectly verifies, the cryptographic signature for data.
1121 vulnerabilities reference this CWE, most recent first.
GHSA-JFC7-64V2-MR8C
Vulnerability from github – Published: 2026-06-26 19:11 – Updated: 2026-06-26 19:11Impact
The preAuthEncoding function in @sigstore/core uses Node.js 'ascii' encoding when converting the PAE (Pre-Authentication Encoding) string to bytes. This allows payloadType to be mutated after signing without invalidating the signature, breaking the type-binding guarantee that DSSE is designed to provide.
In packages/core/src/dsse.ts, the PAE function builds a string containing payloadType and then encodes it with Buffer.from(prefix, 'ascii').
In Node.js, 'ascii' encoding for string-to-Buffer is equivalent to 'latin1', which truncates characters above U+00FF to their low byte. This means for any ASCII character, there exist Unicode characters (at U+01xx, U+02xx, etc.) that produce the identical encoded byte:
| Original | Codepoint | Mutant | Codepoint | Encoded byte |
|---|---|---|---|---|
t |
U+0074 | Ŵ |
U+0174 | 0x74 |
e |
U+0065 | ť |
U+0165 | 0x65 |
An attacker can substitute every character in payloadType with a Unicode variant whose low byte matches, producing identical PAE bytes and a passing signature verification.
Additionally, payloadType.length returns the JavaScript string length (UTF-16 code units) rather than the UTF-8 byte length required by the DSSE spec, though this is only a contributing factor for non-ASCII types.
Reproduction
const { preAuthEncoding } = require('@sigstore/core/dist/dsse.js');
const payload = Buffer.from('hello world');
const original = preAuthEncoding('text/plain', payload);
// U+01xx chars whose low bytes match the original ASCII chars
const mutant = preAuthEncoding('\u0174\u0165\u0178\u0174/\u0170\u016c\u0161\u0169\u016e', payload);
console.log('PAE bytes equal:', original.equals(mutant)); // true — should be false
{
"affected": [
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 3.2.0"
},
"package": {
"ecosystem": "npm",
"name": "@sigstore/core"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.2.1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-48758"
],
"database_specific": {
"cwe_ids": [
"CWE-347"
],
"github_reviewed": true,
"github_reviewed_at": "2026-06-26T19:11:19Z",
"nvd_published_at": null,
"severity": "MODERATE"
},
"details": "### Impact\nThe `preAuthEncoding` function in `@sigstore/core` uses Node.js `\u0027ascii\u0027` encoding when converting the PAE (Pre-Authentication Encoding) string to bytes. This allows `payloadType` to be mutated after signing without invalidating the signature, breaking the type-binding guarantee that DSSE is designed to provide.\n\nIn `packages/core/src/dsse.ts`, the PAE function builds a string containing `payloadType` and then encodes it with `Buffer.from(prefix, \u0027ascii\u0027)`.\n\nIn Node.js, `\u0027ascii\u0027` encoding for string-to-Buffer is equivalent to `\u0027latin1\u0027`, which **truncates characters above U+00FF to their low byte**. This means for any ASCII character, there exist Unicode characters (at U+01xx, U+02xx, etc.) that produce the identical encoded byte:\n\n| Original | Codepoint | Mutant | Codepoint | Encoded byte |\n|----------|-----------|--------|-----------|--------------|\n| `t` | U+0074 | `\u0174` | U+0174 | `0x74` |\n| `e` | U+0065 | `\u0165` | U+0165 | `0x65` |\n\nAn attacker can substitute every character in `payloadType` with a Unicode variant whose low byte matches, producing **identical PAE bytes** and a passing signature verification.\n\nAdditionally, `payloadType.length` returns the JavaScript string length (UTF-16 code units) rather than the UTF-8 byte length required by the DSSE spec, though this is only a contributing factor for non-ASCII types.\n\n#### Reproduction\n\n```javascript\nconst { preAuthEncoding } = require(\u0027@sigstore/core/dist/dsse.js\u0027);\nconst payload = Buffer.from(\u0027hello world\u0027);\n\nconst original = preAuthEncoding(\u0027text/plain\u0027, payload);\n// U+01xx chars whose low bytes match the original ASCII chars\nconst mutant = preAuthEncoding(\u0027\\u0174\\u0165\\u0178\\u0174/\\u0170\\u016c\\u0161\\u0169\\u016e\u0027, payload);\n\nconsole.log(\u0027PAE bytes equal:\u0027, original.equals(mutant)); // true \u2014 should be false\n```",
"id": "GHSA-jfc7-64v2-mr8c",
"modified": "2026-06-26T19:11:20Z",
"published": "2026-06-26T19:11:19Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/sigstore/sigstore-js/security/advisories/GHSA-jfc7-64v2-mr8c"
},
{
"type": "PACKAGE",
"url": "https://github.com/sigstore/sigstore-js"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
"type": "CVSS_V3"
}
],
"summary": "@sigstore/core has DSSE payloadType type-binding failure"
}
GHSA-JFCQ-6QWC-XQVX
Vulnerability from github – Published: 2024-11-27 06:30 – Updated: 2026-03-06 21:30A improper verification of cryptographic signature vulnerability in plugin management in iota C.ai Conversational Platform from 1.0.0 through 2.1.3 allows remote authenticated users to load a malicious DLL via upload plugin function.
{
"affected": [],
"aliases": [
"CVE-2024-52958"
],
"database_specific": {
"cwe_ids": [
"CWE-347"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-11-27T06:15:18Z",
"severity": "CRITICAL"
},
"details": "A improper verification of cryptographic signature vulnerability in plugin management in iota C.ai Conversational Platform from 1.0.0 through 2.1.3 allows remote authenticated users to load a malicious DLL via upload plugin function.",
"id": "GHSA-jfcq-6qwc-xqvx",
"modified": "2026-03-06T21:30:30Z",
"published": "2024-11-27T06:30:39Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-52958"
},
{
"type": "WEB",
"url": "https://zuso.ai/advisory/za-2024-11"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-JFVX-RJP6-P69P
Vulnerability from github – Published: 2023-12-29 03:30 – Updated: 2023-12-29 03:30Some Honor products are affected by signature management vulnerability, successful exploitation could cause the forged system file overwrite the correct system file.
{
"affected": [],
"aliases": [
"CVE-2023-23431"
],
"database_specific": {
"cwe_ids": [
"CWE-347"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-12-29T02:15:43Z",
"severity": "HIGH"
},
"details": "\nSome Honor products are affected by signature management vulnerability, successful exploitation could cause the forged system file overwrite the correct system file.\n\n",
"id": "GHSA-jfvx-rjp6-p69p",
"modified": "2023-12-29T03:30:28Z",
"published": "2023-12-29T03:30:28Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-23431"
},
{
"type": "WEB",
"url": "https://www.hihonor.com/global/security/cve-2023-23431"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-JFX2-WJCV-V5C8
Vulnerability from github – Published: 2025-11-13 15:30 – Updated: 2025-11-13 15:30Improper verification of cryptographic signature in the installer for Zoom Workplace VDI Client for Windows may allow an authenticated user to conduct an escalation of privilege via local access.
{
"affected": [],
"aliases": [
"CVE-2025-64740"
],
"database_specific": {
"cwe_ids": [
"CWE-347"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-11-13T15:15:53Z",
"severity": "HIGH"
},
"details": "Improper verification of cryptographic signature in the installer for Zoom Workplace VDI Client for Windows may allow an authenticated user to conduct an escalation of privilege via local access.",
"id": "GHSA-jfx2-wjcv-v5c8",
"modified": "2025-11-13T15:30:31Z",
"published": "2025-11-13T15:30:31Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-64740"
},
{
"type": "WEB",
"url": "https://www.zoom.com/en/trust/security-bulletin/ZSB-25042"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-JFXM-W8G2-4RCV
Vulnerability from github – Published: 2022-05-13 01:17 – Updated: 2023-10-06 00:56A vulnerability in the Cisco node-jose open source library before 0.11.0 could allow an unauthenticated, remote attacker to re-sign tokens using a key that is embedded within the token. The vulnerability is due to node-jose following the JSON Web Signature (JWS) standard for JSON Web Tokens (JWTs). This standard specifies that a JSON Web Key (JWK) representing a public key can be embedded within the header of a JWS. This public key is then trusted for verification. An attacker could exploit this by forging valid JWS objects by removing the original signature, adding a new public key to the header, and then signing the object using the (attacker-owned) private key associated with the public key embedded in that JWS header.
{
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "node-jose"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.11.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2018-0114"
],
"database_specific": {
"cwe_ids": [
"CWE-347"
],
"github_reviewed": true,
"github_reviewed_at": "2023-07-20T18:45:54Z",
"nvd_published_at": "2018-01-04T06:29:00Z",
"severity": "HIGH"
},
"details": "A vulnerability in the Cisco node-jose open source library before 0.11.0 could allow an unauthenticated, remote attacker to re-sign tokens using a key that is embedded within the token. The vulnerability is due to node-jose following the JSON Web Signature (JWS) standard for JSON Web Tokens (JWTs). This standard specifies that a JSON Web Key (JWK) representing a public key can be embedded within the header of a JWS. This public key is then trusted for verification. An attacker could exploit this by forging valid JWS objects by removing the original signature, adding a new public key to the header, and then signing the object using the (attacker-owned) private key associated with the public key embedded in that JWS header.",
"id": "GHSA-jfxm-w8g2-4rcv",
"modified": "2023-10-06T00:56:10Z",
"published": "2022-05-13T01:17:32Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-0114"
},
{
"type": "PACKAGE",
"url": "https://github.com/cisco/node-jose"
},
{
"type": "WEB",
"url": "https://github.com/cisco/node-jose/blob/master/CHANGELOG.md"
},
{
"type": "WEB",
"url": "https://github.com/zi0Black/POC-CVE-2018-0114"
},
{
"type": "WEB",
"url": "https://tools.cisco.com/security/center/viewAlert.x?alertId=56326"
},
{
"type": "WEB",
"url": "https://web.archive.org/web/20210124130907/http://www.securityfocus.com/bid/102445"
},
{
"type": "WEB",
"url": "https://www.exploit-db.com/exploits/44324"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
}
],
"summary": "Cisco node-jose improper validation of JWT signature"
}
GHSA-JGX9-3HVF-VPPH
Vulnerability from github – Published: 2023-08-13 12:30 – Updated: 2024-04-04 06:53Vulnerability of insecure signatures in the OsuLogin module. Successful exploitation of this vulnerability may cause OsuLogin to be maliciously modified and overwritten.
{
"affected": [],
"aliases": [
"CVE-2023-39392"
],
"database_specific": {
"cwe_ids": [
"CWE-347"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-08-13T12:15:46Z",
"severity": "HIGH"
},
"details": "Vulnerability of insecure signatures in the OsuLogin module. Successful exploitation of this vulnerability may cause OsuLogin to be maliciously modified and overwritten.",
"id": "GHSA-jgx9-3hvf-vpph",
"modified": "2024-04-04T06:53:51Z",
"published": "2023-08-13T12:30:19Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-39392"
},
{
"type": "WEB",
"url": "https://consumer.huawei.com/en/support/bulletin/2023/8"
},
{
"type": "WEB",
"url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-202308-0000001667644725"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-JHJ3-56QQ-759H
Vulnerability from github – Published: 2026-07-03 00:31 – Updated: 2026-07-03 00:31WatchGuard Fireware OS contains a firmware validation bypass when processing a backup image via the backup/restore feature. An authenticated administrator can exploit this vulnerability to install a tampered firmware image.This vulnerability affects Fireware OS 11.0 up to and including 11.12.4_Update1, 12.0 up to and including 12.12 and 2025.1 up to and including 2025.6.2.
{
"affected": [],
"aliases": [
"CVE-2026-13722"
],
"database_specific": {
"cwe_ids": [
"CWE-347"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-07-03T00:16:52Z",
"severity": "HIGH"
},
"details": "WatchGuard Fireware OS contains a firmware validation bypass when processing a backup image via the backup/restore feature. An authenticated administrator can exploit this vulnerability to install a tampered firmware image.This vulnerability affects Fireware OS 11.0 up to and including 11.12.4_Update1, 12.0 up to and including 12.12 and 2025.1 up to and including 2025.6.2.",
"id": "GHSA-jhj3-56qq-759h",
"modified": "2026-07-03T00:31:54Z",
"published": "2026-07-03T00:31:54Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-13722"
},
{
"type": "WEB",
"url": "https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2026-00022"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-JHJW-25G5-P452
Vulnerability from github – Published: 2022-05-24 17:21 – Updated: 2022-05-24 17:21A vulnerability exists that could allow the execution of unauthorized code or operating system commands on systems running exacqVision Web Service versions 20.03.2.0 and prior and exacqVision Enterprise Manager versions 20.03.3.0 and prior. An attacker with administrative privileges could potentially download and run a malicious executable that could allow OS command injection on the system.
{
"affected": [],
"aliases": [
"CVE-2020-9047"
],
"database_specific": {
"cwe_ids": [
"CWE-347"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2020-06-26T19:15:00Z",
"severity": "HIGH"
},
"details": "A vulnerability exists that could allow the execution of unauthorized code or operating system commands on systems running exacqVision Web Service versions 20.03.2.0 and prior and exacqVision Enterprise Manager versions 20.03.3.0 and prior. An attacker with administrative privileges could potentially download and run a malicious executable that could allow OS command injection on the system.",
"id": "GHSA-jhjw-25g5-p452",
"modified": "2022-05-24T17:21:46Z",
"published": "2022-05-24T17:21:46Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-9047"
},
{
"type": "WEB",
"url": "https://www.johnsoncontrols.com/cyber-solutions/security-advisories"
},
{
"type": "WEB",
"url": "https://www.us-cert.gov/ics/advisories/ICSA-20-170-01"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-JMQX-7P3P-V5PC
Vulnerability from github – Published: 2026-06-15 21:30 – Updated: 2026-06-15 21:30Unauthenticated Broken Authentication in Masteriyo - LMS <= 2.1.8 versions.
{
"affected": [],
"aliases": [
"CVE-2026-42743"
],
"database_specific": {
"cwe_ids": [
"CWE-347"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-06-15T21:16:57Z",
"severity": "MODERATE"
},
"details": "Unauthenticated Broken Authentication in Masteriyo - LMS \u003c= 2.1.8 versions.",
"id": "GHSA-jmqx-7p3p-v5pc",
"modified": "2026-06-15T21:30:47Z",
"published": "2026-06-15T21:30:47Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42743"
},
{
"type": "WEB",
"url": "https://patchstack.com/database/wordpress/plugin/learning-management-system/vulnerability/wordpress-masteriyo-lms-plugin-2-1-8-broken-authentication-vulnerability?_s_id=cve"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-JMW4-VRCR-PPPG
Vulnerability from github – Published: 2022-05-14 03:13 – Updated: 2022-05-14 03:13Hyperledger Iroha versions v1.0_beta and v1.0.0_beta-1 are vulnerable to transaction and block signature verification bypass in the transaction and block validator allowing a single node to sign a transaction and/or block multiple times, each with a random nonce, and have other validating nodes accept them as separate valid signatures.
{
"affected": [],
"aliases": [
"CVE-2018-3756"
],
"database_specific": {
"cwe_ids": [
"CWE-347"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-06-01T19:29:00Z",
"severity": "HIGH"
},
"details": "Hyperledger Iroha versions v1.0_beta and v1.0.0_beta-1 are vulnerable to transaction and block signature verification bypass in the transaction and block validator allowing a single node to sign a transaction and/or block multiple times, each with a random nonce, and have other validating nodes accept them as separate valid signatures.",
"id": "GHSA-jmw4-vrcr-pppg",
"modified": "2022-05-14T03:13:26Z",
"published": "2022-05-14T03:13:26Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-3756"
},
{
"type": "WEB",
"url": "https://github.com/hyperledger/iroha/releases/tag/v1.0.0_beta-2"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
}
]
}
No mitigation information available for this CWE.
CAPEC-463: Padding Oracle Crypto Attack
An adversary is able to efficiently decrypt data without knowing the decryption key if a target system leaks data on whether or not a padding error happened while decrypting the ciphertext. A target system that leaks this type of information becomes the padding oracle and an adversary is able to make use of that oracle to efficiently decrypt data without knowing the decryption key by issuing on average 128*b calls to the padding oracle (where b is the number of bytes in the ciphertext block). In addition to performing decryption, an adversary is also able to produce valid ciphertexts (i.e., perform encryption) by using the padding oracle, all without knowing the encryption key.
CAPEC-475: Signature Spoofing by Improper Validation
An adversary exploits a cryptographic weakness in the signature verification algorithm implementation to generate a valid signature without knowing the key.