Product
epa4all-client is vulnerable to a signature verification bypass where the ECDSA signature verification discards the boolean return value, allowing any structurally valid signature to be considered trusted.