Xmlseclibs
Monthly
Critical cryptographic vulnerability in the xmlseclibs PHP library (versions before 3.1.5) that fails to validate authentication tag lengths in AES-GCM encrypted XML nodes. Attackers can exploit this remotely without authentication to brute-force encryption keys, decrypt sensitive data, and forge ciphertexts. While not currently in CISA's KEV catalog, the vulnerability has a high CVSS score of 8.2 and affects a widely-used XML security library.
Rob Richards XmlSecLibs, all versions prior to v3.0.3, as used for example by SimpleSAMLphp, performed incorrect validation of cryptographic signatures in XML messages, allowing an authenticated. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.
Critical cryptographic vulnerability in the xmlseclibs PHP library (versions before 3.1.5) that fails to validate authentication tag lengths in AES-GCM encrypted XML nodes. Attackers can exploit this remotely without authentication to brute-force encryption keys, decrypt sensitive data, and forge ciphertexts. While not currently in CISA's KEV catalog, the vulnerability has a high CVSS score of 8.2 and affects a widely-used XML security library.
Rob Richards XmlSecLibs, all versions prior to v3.0.3, as used for example by SimpleSAMLphp, performed incorrect validation of cryptographic signatures in XML messages, allowing an authenticated. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.