Key Vulnerability Information

Title: Cesanta Mongoose Embedded Web Server 7.20 Improper Verification of Cryptographic Signature

Description:
- The function in never computes or verifies the Poly1305 authentication tag during decryption.
- This completely bypasses the authentication guarantee of the AEAD cipher.
- ChaCha20 is a stream cipher, allowing a man-in-the-middle attacker to perform bit-flipping attacks on any TLS record, modifying encrypted data in transit with byte-level precision.
- The Mongoose server will accept the tampered record as authentic, rendering TLS connections using the built-in TLS implementation completely unauthenticated.
- The vendor recognizes this as a serious vulnerability but is incapable or unwilling to fix it.

Source: https://github.com/dwBruijn/CVEs/blob/main/Mongoose/ChaCha20Poly1305.md
User: dwbruijn (UID 93926)
Submission Date: 2022-12-02 08:26 AM
Moderation Date: 2022-02-22 08:57 AM
Status: Accepted
VulDB Entry: 34735 (Cesanta Mongoose up to 7.20 Poly1305 Authentication Tag signature verification)
Points: 20