Lucene search
Veracode Vulnerability DatabaseVERACODE:6034HistoryApr 02, 2018 - 5:29 a.m.
Signature Algorithm Not Verified
2018-04-0205:29:04
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
4
0.001 Low
EPSS
Percentile
37.4%
github.com/endophage/gotuf and github.com/theupdateframework/notary do not check if the signature algorithm matches the key. Using this, attackers could forge a signature using a lesser cryptographically sound algorithm to recover private keys.
| CPE | Name | Operator | Version |
|---|---|---|---|
| github.com/theupdateframework/notary | eq | HEAD | |
| github.com/endophage/gotuf | eq | HEAD |
Related
github
github
Docker Notary Signature Algorithm Not Matched to Key vulnerability
2022-05-14 03:28:46
osv
osv
Docker Notary Signature Algorithm Not Matched to Key vulnerability
2022-05-14 03:28:46
prion
prion
Code injection
2018-03-31 21:29:00
cvelist
cvelist
CVE-2015-9258
2018-03-31 21:00:00
nvd
nvd
CVE-2015-9258
2018-03-31 21:29:00
cve
cve
CVE-2015-9258
2018-03-31 21:29:00
ubuntucve
ubuntucve
CVE-2015-9258
2018-03-31 00:00:00
debiancve
debiancve
CVE-2015-9258
2018-03-31 21:29:00