Threat Feed

Tag

Signature-Bypass

4 briefs
medium advisory

Admidio SAML Signature Validation Bypass Allows Forged AuthnRequests and LogoutRequests

Admidio's SAML Identity Provider implementation fails to properly validate signatures on SAML AuthnRequests and LogoutRequests, enabling attackers to bypass signature enforcement, potentially disclose user attributes via forged SSO requests, and terminate user sessions via forged SLO requests.

admidio saml signature-bypass authentication authorization web-application
critical advisory

Stripe Webhook Signature Bypass via Empty Secret Enables Unlimited Quota Fraud

A vulnerability in the Stripe webhook handler allows an unauthenticated attacker to forge webhook events and credit arbitrary quota to their account without payment, stemming from an empty StripeWebhookSecret and lack of PaymentMethod validation, enabling cross-gateway exploitation.

Stripe Webhook stripe webhook signature-bypass quota-fraud
critical advisory

ASP.NET Core Improper Signature Verification Vulnerability (CVE-2026-40372)

CVE-2026-40372 is a critical vulnerability in ASP.NET Core stemming from improper cryptographic signature verification, potentially enabling unauthorized attackers to achieve network-based privilege escalation.

aspnet privilege-escalation cve-2026-40372 signature-bypass
high advisory

Jsrsasign < 11.1.1 Incorrect Conversion Vulnerability (CVE-2026-4602)

Jsrsasign versions before 11.1.1 contain an incorrect conversion between numeric types, where an attacker can force the computation of incorrect modular inverses and break signature verification by calling modPow with a negative exponent.

jsrsasign vulnerability signature-bypass