[esb-java-user] Carbon 1.5.1 : Security Hot fix for XML signature HMAC truncation authentication bypass
prabath
prabath at wso2.com
Tue Jul 14 12:21:42 PDT 2009
The XML Signature specification allows for HMAC truncation, which may
allow a remote attacker to bypass authentication.
This issue was disclosed to public few minutes before [1].
If you are a Carbon 1.5.1 base product user please apply the security
fix available at [2].
Also please note that this issue is *NOT* present in Carbon 2.0.0 base
releases done recently.
Thanks & regards.
-Prabath
[1]: http://www.kb.cert.org/vuls/id/466161
[2]:http://dist.wso2.org/products/carbon/1.5.1/service_pack/WSO2-CARBON-1.5.1-SERVICE-PACK-1.zip
[3]:https://www.wso2.org/downloads/carbon/security_hot_fix
More information about the Esb-java-user
mailing list