Vendor

Oviva AG

1 brief RSS

epa4all-client Signature Verification Bypass Vulnerability

epa4all-client is vulnerable to a signature verification bypass where the ECDSA signature verification discards the boolean return value, allowing any structurally valid signature to be considered trusted.

epa4all-client signature-bypass vulnerability

2r Jan 2, 2024