
CWE-347 (Improper Verification of Cryptographic Signature) — Vulnerability Class, 362 CVEs

362 vulnerabilities classified as CWE-347 (Improper Verification of Cryptographic Signature). AI Chinese analysis included.

CWE-347 represents a critical integrity weakness where software fails to properly validate cryptographic signatures attached to data or code. Attackers typically exploit this flaw by intercepting communications or modifying stored files, substituting legitimate content with malicious payloads that lack valid digital signatures. Because the application accepts these unsigned or tampered inputs as authentic, it executes unauthorized commands or processes corrupted data, potentially leading to complete system compromise or data loss. To prevent this vulnerability, developers must implement rigorous verification routines that strictly check every incoming or processed item against its expected cryptographic signature using trusted public keys. This ensures that any alteration, even a single bit change, is detected and rejected. Additionally, employing secure key management practices and avoiding custom cryptographic implementations further strengthens the system’s defense against signature forgery and tampering attacks.

MITRE CWE Description
The product does not verify, or incorrectly verifies, the cryptographic signature for data.
Common Consequences (1)
Scope: Access Control, Integrity, Confidentiality
Impact: Gain Privileges or Assume Identity, Modify Application Data, Execute Unauthorized Code or Commands
An attacker could gain access to sensitive data and possibly execute unauthorized code.
Examples (1)
In the following code, a JarFile object is created from a downloaded file.
    File f = new File(downloadedFilePath);
    JarFile jf = new JarFile(f);   // opened without checking who signed it
Bad · Java
CVE ID | Title | Product | CVSS | Severity | Published
CVE-2024-22461 | Dell RecoverPoint for Virtual Machines data forgery vulnerability | RecoverPoint for Virtual Machines | 8.8 | High | 2024-12-13
CVE-2024-47476 | Dell NetWorker Management Console security vulnerability | NetWorker Management Console | 7.8 | High | 2024-12-03
CVE-2024-52958 | iota C.ai Conversational Platform - Improper Verification of Cryptographic Signature | iota C.ai Conversational Platform | 8.0 (AI) | High (AI) | 2024-11-27
CVE-2024-53267 | Vulnerability with bundle verification in sigstore-java | sigstore-java | 5.5 | Medium | 2024-11-26
CVE-2021-1461 | Cisco SD-WAN Software Signature Verification Bypass Vulnerability | Cisco Catalyst SD-WAN Manager | 4.9 | Medium | 2024-11-18
CVE-2024-40592 | Fortinet FortiClient data forgery vulnerability | FortiClientMac | 6.8 | High | 2024-11-12
CVE-2024-49394 | Mutt: neomutt: in-reply-to email header field is not protected by cryptographic signing | - | 5.3 | Medium | 2024-11-12
CVE-2024-49393 | Mutt: neomutt: to and cc email header fields are not protected by cryptographic signing | - | 6.5 | Medium | 2024-11-12
CVE-2024-47073 | Dataease arbitrary interface access vulnerability | dataease | 9.1 (AI) | Critical (AI) | 2024-11-07
CVE-2024-51526 | Huawei HarmonyOS security vulnerability | HarmonyOS | 8.2 | High | 2024-11-05
CVE-2024-50347 | Laravel Reverb has Missing API Signature Verification | reverb | 5.3 | - | 2024-10-31
CVE-2024-8036 | Unauthorized Modifications of Firmware and Configuration | Relion Protection Relays RE_611 IEC | 5.9 | Medium | 2024-10-25
CVE-2024-47943 | Improper signature verification of firmware upgrade files | IoT Interface & CMC III Processing Unit | 9.8 | - | 2024-10-15
CVE-2024-8531 | Schneider Electric Data Center Expert data forgery vulnerability | Data Center Expert | 7.2 | High | 2024-10-11
CVE-2024-9487 | An Improper Verification of Cryptographic Signature vulnerability was identified in GitHub Enterprise Server that allowed SAML SSO authentication to be bypassed when the encrypted assertions feature was enabled | Enterprise Server | 9.8 (AI) | Critical (AI) | 2024-10-10
CVE-2024-47832 | XML Signature Bypass via differential XML parsing in ssoready | ssoready | 8.1 (AI) | High (AI) | 2024-10-09
CVE-2024-23960 | Alpine Halo9 Improper Verification of Cryptographic Signature Vulnerability | Halo9 | 4.6 | Medium | 2024-09-28
CVE-2024-7479 | Improper signature verification of VPN driver installation in TeamViewer Remote Clients | Remote Full Client | 8.8 | High | 2024-09-25
CVE-2024-7481 | Improper signature verification of Printer driver installation in TeamViewer Remote Clients | Remote Full Client | 8.8 | High | 2024-09-25
CVE-2024-8698 | Keycloak-saml-core: improper verification of saml responses leading to privilege escalation in keycloak | - | 7.7 | High | 2024-09-19
CVE-2024-7788 | Signatures in "repair mode" should not be trusted | LibreOffice | 7.8 | High | 2024-09-17
CVE-2024-45607 | whatsapp-api-js fails to validate message's signature | whatsapp-api-js | 5.8 | Medium | 2024-09-12
CVE-2024-45409 | The Ruby SAML library vulnerable to a SAML authentication bypass via Incorrect XPath selector | ruby-saml | 10.0 | Critical | 2024-09-10
CVE-2024-6800 | GitHub Enterprise Server security vulnerability | GitHub Enterprise Server | 9.8 (AI) | Critical (AI) | 2024-08-20
CVE-2023-28806 | Signature validation error in DLL allows disabling anti-tampering protection | Client Connector | 5.7 | Medium | 2024-08-06
CVE-2024-23460 | Incorrect signature validation of package | Client Connector | 6.4 | Medium | 2024-08-06
CVE-2024-23456 | Signature validation issue leads to Anti-Tampering bypass | Client Connector | 7.8 | High | 2024-08-06
CVE-2024-5912 | Cortex XDR Agent: Improper File Signature Verification Checks | Cortex XDR Agent | 8.4 (AI) | High (AI) | 2024-07-10
CVE-2024-38069 | Windows Enroll Engine Security Feature Bypass Vulnerability | Windows 10 Version 1809 | 7.0 | High | 2024-07-09
CVE-2023-34435 | Realtek rtl819x Jungle SDK data forgery vulnerability | WBR-6013 | 7.2 | High | 2024-07-08

Vulnerabilities classified as CWE-347 (Improper Verification of Cryptographic Signature) represent 362 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.