connect2id / Nimbus-JOSE-JWT / issues / #315 - ECDSA.transcodeSignatureToDER ignores the last byte of an odd signature — Bitbucket

Issue #315 duplicate

Former user created an issue 2019-06-26

This is a security hole since it also validates all of the tokens whose signature is composed of a valid signature and one more character

Comments (2)

Connect2id OSS
For the ticket, could you provide more details / context / proof?
- 2019-06-26T14:56:35+00:00
Vladimir Dzhuvinov
- changed status to duplicate
Duplicate of ~~#399~~.
- 2021-01-28T11:40:35+00:00
Log in to comment

Assignee: –

Type: bug

Priority: blocker

Status: duplicate

Component: Crypto package

Milestone: –

Votes: 0

Watchers: 2

Jira: the preferred issue tracker for Bitbucket. Join the team!