CWE-347 (Improper Verification of Cryptographic Signature) — Vulnerability Class (382 CVEs)

382 vulnerabilities classified as CWE-347 (Improper Verification of Cryptographic Signature). AI-generated Chinese analysis included.

CWE-347 is an integrity weakness: the product accepts data or code as authentic without correctly checking the cryptographic signature that is supposed to vouch for it. The attacker modifies or replaces the content in transit or at rest (a firmware image, a JAR, a SAML response, a JWT, a signed e-mail) and relies on the verifier not noticing. Because the application treats the tampered or unsigned input as genuine, it runs attacker-supplied code, grants an identity it should not, or processes forged data, which can end in full compromise. The entries below show that the failure takes several shapes: the signature is never checked at all (the LTI13Authenticator JWT entry); the verifier lets the signed object choose the algorithm, so that a public key can be turned into an HMAC secret (the cjwt algorithm-confusion entry); the signature covers only part of what the application trusts (the neomutt header fields outside the signed body); verification is wrong for one protocol binding (the SAML2 HTTP-Redirect entry); or plaintext is handed back before the tag check has passed (the ascon-aead entry). The defense is a verifier that chooses the algorithm and the trusted key itself, checks the signature over exactly the bytes it received, rejects any change of even a single bit, and does not act on any of the data until that check succeeds. Keys must come from a trusted store rather than from the data being verified, the set of accepted algorithms must be pinned, and the verification itself should use a maintained library rather than custom cryptographic code.
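How these failure modes look in code, as an added example that is not part of this page or of any project listed in the table: a miniature JWS-style token verifier in Go, standard library only. VerifyWeak lets the token's own header choose the algorithm, which is the CWE-347 pattern; VerifyStrict binds the algorithm to the configured Ed25519 key. The token layout, the function names, the sample claims and the all-zero demo seed are assumptions made for this demonstration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/hmac"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"fmt"
	"strings"
)

var b64 = base64.RawURLEncoding

func hmacSHA256(secret, msg []byte) []byte {
	m := hmac.New(sha256.New, secret)
	m.Write(msg)
	return m.Sum(nil)
}

// Sign builds a compact JWS-style token header.payload.signature; "none" yields an empty signature segment.
func Sign(alg string, payload []byte, priv ed25519.PrivateKey, secret []byte) string {
	hdr, _ := json.Marshal(map[string]string{"alg": alg})
	input := b64.EncodeToString(hdr) + "." + b64.EncodeToString(payload)
	var sig []byte
	switch alg {
	case "EdDSA":
		sig = ed25519.Sign(priv, []byte(input))
	case "HS256":
		sig = hmacSHA256(secret, []byte(input))
	}
	return input + "." + b64.EncodeToString(sig)
}

// decode returns the signing input exactly as received, the header alg and the signature ("" / nil if undecodable).
func decode(token string) (input, alg string, sig []byte) {
	p := strings.Split(token, ".")
	if len(p) != 3 {
		return "", "", nil
	}
	var hdr struct{ Alg string `json:"alg"` }
	hb, _ := b64.DecodeString(p[0])
	_ = json.Unmarshal(hb, &hdr)
	sig, _ = b64.DecodeString(p[2])
	return p[0] + "." + p[1], hdr.Alg, sig
}

// VerifyWeak is the CWE-347 pattern behind the cjwt and LTI entries in the table:
// the token's own header decides how it gets verified.
func VerifyWeak(token string, pub ed25519.PublicKey) error {
	input, alg, sig := decode(token)
	ok := false
	switch alg {
	case "none": // no signature, so no check at all
		ok = true
	case "HS256": // the only key bytes it holds are the public key, which everyone knows
		ok = hmac.Equal(sig, hmacSHA256([]byte(pub), []byte(input)))
	case "EdDSA":
		ok = ed25519.Verify(pub, []byte(input), sig)
	}
	if !ok {
		return fmt.Errorf("weak: rejected alg %q", alg)
	}
	return nil
}

// VerifyStrict fixes it: the configured key decides the algorithm, and the check covers the bytes as received.
func VerifyStrict(token string, pub ed25519.PublicKey) error {
	input, alg, sig := decode(token)
	if alg != "EdDSA" { // "none" and "HS256" can never match an Ed25519 key
		return fmt.Errorf("strict: alg %q rejected, key is Ed25519", alg)
	}
	if !ed25519.Verify(pub, []byte(input), sig) {
		return fmt.Errorf("strict: signature verification failed")
	}
	return nil
}

// DemoKey uses a fixed all-zero seed so runs are reproducible; real keys come from crypto/rand or a KMS.
func DemoKey() (ed25519.PublicKey, ed25519.PrivateKey) {
	priv := ed25519.NewKeyFromSeed(make([]byte, ed25519.SeedSize))
	return priv.Public().(ed25519.PublicKey), priv
}

func main() {
	pub, priv := DemoKey()
	admin := []byte(`{"sub":"alice","admin":true}`) // constructed sample claims
	genuine := Sign("EdDSA", []byte(`{"sub":"alice","admin":false}`), priv, nil)
	seg := strings.Split(genuine, ".")
	tokens := [][2]string{
		{"genuine", genuine},
		{"payload-swap", seg[0] + "." + b64.EncodeToString(admin) + "." + seg[2]},
		{"alg-none", Sign("none", admin, nil, nil)},
		{"alg-confusion", Sign("HS256", admin, nil, []byte(pub))}, // forged with only the public key
	}
	for _, t := range tokens {
		fmt.Printf("%-14s weak=%-5v strict=%v\n", t[0], VerifyWeak(t[1], pub) == nil, VerifyStrict(t[1], pub) == nil)
	}
}
```

Running it prints one line per token: the genuine token passes both verifiers, the payload swap fails both, and the alg=none token and the HS256 forgery, which needs nothing but the public key, pass only the weak verifier. The rule the strict path follows is that the trusted key determines the algorithm and the verification input is the bytes as received; in production use a maintained JOSE library with an explicit allow-list of algorithms rather than this hand-rolled parser.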

MITRE CWE Description
The product does not verify, or incorrectly verifies, the cryptographic signature for data.
Common Consequences (1)
Scope: Access Control, Integrity, Confidentiality
Impact: Gain Privileges or Assume Identity, Modify Application Data, Execute Unauthorized Code or Commands
An attacker could gain access to sensitive data and possibly execute unauthorized code.
Examples (1)
In the following code, a JarFile object is created from a downloaded file.

File f = new File(downloadedFilePath);
JarFile jf = new JarFile(f);

Bad · Java

The JAR comes from a source the application does not control, and the code goes on to use it without establishing that it carries a signature from an expected signer. Opening a JarFile with signature verification enabled is not sufficient on its own: the JDK only checks entries that claim to be signed, and only as they are read, and it raises no error for an unsigned JAR or for unsigned entries. The caller still has to read each entry to the end and confirm that JarEntry.getCodeSigners() returns the expected signer before trusting the contents.
CVE ID | Title | Product | CVSS | Severity | Published
CVE-2025-27773 | SimpleSAMLphp SAML2 library has incorrect signature verification for HTTP-Redirect binding | saml2 | 8.6 | High | 2025-03-11
CVE-2025-24043 | WinDbg Remote Code Execution Vulnerability | WinDbg | 7.5 | High | 2025-03-11
CVE-2025-20206 | Cisco Secure Client for Windows with VPN Posture (HostScan) Module DLL Hijacking Vulnerability | Cisco Secure Client | 7.1 | High | 2025-03-05
CVE-2024-11957 | Arbitrary Code Execution in WPS Office | WPS Office | 7.8 | - | 2025-03-04
CVE-2025-27498 | AEADs/ascon-aead: Plaintext exposed in decrypt_in_place_detached even on tag verification failure | AEADs | 7.5 | - | 2025-03-03
CVE-2023-25574 | JupyterHub's LTI13Authenticator: JWT signature not validated | ltiauthenticator | 10.0 | Critical | 2025-02-25
CVE-2024-10237 | SMC BMC Firmware Image Authentication Design Issue | MBD-X12DPG-OA6 | 7.2 | High | 2025-02-04
CVE-2024-56161 | AMD SEV-SNP security vulnerability | AMD EPYC™ 7001 Series | 7.2 | High | 2025-02-03
CVE-2025-23369 | Improper Verification of Cryptographic Signature in GitHub Enterprise Server Allows Signature Spoofing by Improper Validation | Enterprise Server | 7.5 | - | 2025-01-21
CVE-2025-23206 | IAM OIDC custom resource allows connection to unauthorized OIDC provider in aws-cdk | aws-cdk | 8.1 | - | 2025-01-17
CVE-2024-13172 | Ivanti EPM data forgery vulnerability | Endpoint Manager | 7.8 | High | 2025-01-14
CVE-2024-54150 | Algorithm Confusion Vulnerability in cjwt | cjwt | 9.1 | - | 2024-12-19
CVE-2024-43106 | Microsoft Office security vulnerability | Excel | 7.1 | High | 2024-12-18
CVE-2024-42220 | Microsoft Office security vulnerability | Outlook | 7.1 | High | 2024-12-18
CVE-2024-42004 | Microsoft Teams security vulnerability | Teams (work or school) | 7.1 | High | 2024-12-18
CVE-2024-41165 | Microsoft Office security vulnerability | Word | 7.1 | High | 2024-12-18
CVE-2024-41159 | Microsoft Office security vulnerability | OneNote | 7.1 | High | 2024-12-18
CVE-2024-41145 | Microsoft Teams security vulnerability | Teams (work or school) | 7.1 | High | 2024-12-18
CVE-2024-41138 | Microsoft Teams security vulnerability | Teams (work or school) | 7.1 | High | 2024-12-18
CVE-2024-39804 | Microsoft Office PowerPoint security vulnerability | PowerPoint | 7.1 | High | 2024-12-18
CVE-2024-22461 | Dell RecoverPoint for Virtual Machines data forgery vulnerability | RecoverPoint for Virtual Machines | 8.8 | High | 2024-12-13
CVE-2024-47476 | Dell NetWorker Management Console security vulnerability | NetWorker Management Console | 7.8 | High | 2024-12-03
CVE-2024-52958 | iota C.ai Conversational Platform - Improper Verification of Cryptographic Signature | iota C.ai Conversational Platform | 8.0 (AI) | High (AI) | 2024-11-27
CVE-2024-53267 | Vulnerability with bundle verification in sigstore-java | sigstore-java | 5.5 | Medium | 2024-11-26
CVE-2021-1461 | Cisco SD-WAN Software Signature Verification Bypass Vulnerability | Cisco Catalyst SD-WAN Manager | 4.9 | Medium | 2024-11-18
CVE-2024-40592 | Fortinet FortiClient data forgery vulnerability | FortiClientMac | 6.8 | High | 2024-11-12
CVE-2024-49394 | Mutt: neomutt: in-reply-to email header field is not protected by cryptographic signing | - | 5.3 | Medium | 2024-11-12
CVE-2024-49393 | Mutt: neomutt: to and cc email header fields are not protected by cryptographic signing | - | 6.5 | Medium | 2024-11-12
CVE-2024-47073 | Dataease arbitrary interface access vulnerability | dataease | 9.1 (AI) | Critical (AI) | 2024-11-07
CVE-2024-51526 | Huawei HarmonyOS security vulnerability | HarmonyOS | 8.2 | High | 2024-11-05

"(AI)" reproduces the page's own AI tag on that score; "-" means the page lists no value. Product names are given as they appear on the page.

Vulnerabilities classified as CWE-347 (Improper Verification of Cryptographic Signature) represent 382 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.