node-forge uses improper signature verification. Leniency in checking the digest algorithm structure allows remote attackers to specifically craft a structure that steals padding bytes and uses unchecked portion of the PKCS#1
encoded message to forge a signature when a low public exponent is being used.