{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/vendors/oviva-ag/","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["epa4all-client (\u003c= 1.2.0)"],"_cs_severities":["high"],"_cs_tags":["signature-bypass","vulnerability"],"_cs_type":"advisory","_cs_vendors":["Oviva AG"],"content_html":"\u003cp\u003eThe \u003ccode\u003eepa4all-client\u003c/code\u003e software, specifically versions 1.2.0 and earlier, contains a critical vulnerability related to signature verification. The vulnerability resides in the \u003ccode\u003eSignedPublicKeysTrustValidatorImpl.isTrusted()\u003c/code\u003e method, where the return value of the \u003ccode\u003eSignature.verify()\u003c/code\u003e function, which indicates whether the signature matches, is ignored. This oversight means that any structurally valid signature, regardless of its authenticity, will be accepted as valid. This allows attackers to bypass signature validation checks. 
This vulnerability has been assigned CVE-2026-44900 and was patched in pull request #34.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAn attacker crafts a malicious update or component for \u003ccode\u003eepa4all-client\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eThe attacker signs the malicious component with any structurally valid signature (even if it\u0026rsquo;s not cryptographically correct).\u003c/li\u003e\n\u003cli\u003eThe vulnerable \u003ccode\u003eepa4all-client\u003c/code\u003e application receives the crafted, signed component.\u003c/li\u003e\n\u003cli\u003eThe \u003ccode\u003eSignedPublicKeysTrustValidatorImpl.isTrusted()\u003c/code\u003e method is invoked to verify the signature of the component.\u003c/li\u003e\n\u003cli\u003eThe \u003ccode\u003eSignature.verify()\u003c/code\u003e method is called, but its boolean return value is discarded.\u003c/li\u003e\n\u003cli\u003eBecause the signature is structurally valid, the method proceeds as if the signature were authentic.\u003c/li\u003e\n\u003cli\u003eThe malicious component is accepted and executed by the \u003ccode\u003eepa4all-client\u003c/code\u003e application.\u003c/li\u003e\n\u003cli\u003eThe attacker achieves arbitrary code execution, potentially leading to data compromise or system takeover.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of this vulnerability allows an attacker to bypass signature validation, leading to the execution of malicious code within the \u003ccode\u003eepa4all-client\u003c/code\u003e application. This can lead to a complete compromise of the application, potentially affecting sensitive data handled by the client. 
The vulnerability affects versions 1.2.0 and earlier, potentially impacting all users of these versions.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade to the patched version of \u003ccode\u003eepa4all-client\u003c/code\u003e referenced in \u003ca href=\"https://github.com/oviva-ag/epa4all-client/pull/34\"\u003e#34\u003c/a\u003e to remediate the signature bypass vulnerability.\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rule \u0026ldquo;Detect epa4all-client Signature Verification Bypass\u0026rdquo; to monitor for potential exploitation attempts.\u003c/li\u003e\n\u003cli\u003eMonitor network traffic for unusual activity originating from \u003ccode\u003eepa4all-client\u003c/code\u003e processes after upgrades, as this could indicate a compromised installation.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2024-01-02T12:00:00Z","date_published":"2024-01-02T12:00:00Z","id":"/briefs/2024-01-epa4all-signature-bypass/","summary":"epa4all-client is vulnerable to a signature verification bypass where the ECDSA signature verification discards the boolean return value, allowing any structurally valid signature to be considered trusted.","title":"epa4all-client Signature Verification Bypass Vulnerability","url":"https://feed.craftedsignal.io/briefs/2024-01-epa4all-signature-bypass/"}],"language":"en","title":"CraftedSignal Threat Feed — Oviva AG","version":"https://jsonfeed.org/version/1.1"}