iText 2.1.7 and OpenPDF too are affected by a signature wrapping attack. (For details see https://pdf-insecurity.org/).
Problem:
OpenPDF just uses the last part of the ByteRange to calculate the length of a signature.
Proposed solution:
Instead one should take the length of all parts (first signed part, unsigned part which must contain only the signature, and the second signed part).
That's ok for me. I will provide one more PR for a "feature" maybe next week, but this is not related to security. (Support for embedding both CRL and OCSP information, that means a mix of the two).
See: AcroFields#getSignatureNames
As an example, this document passes all checks:
https://pdf-insecurity.org/download/exploits/3_eXpert_PDF_12_Ultimate/siwa.pdf
This should return false instead of true: AcroFields#signatureCoversWholeDocument
Does anybody see a problem with the proposed solution? If not I can provide a PR.
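As an added example (not OpenPDF's code), here are the two ByteRange checks side by side in Python on a constructed byte buffer standing in for a PDF: the check as the issue describes it, which looks only at the last ByteRange pair, and the proposed one, which requires the three parts to be contiguous, to cover the whole file, and to leave nothing but the hex-string signature value in the unsigned gap. The signed bytes are identical in both buffers, which is what lets a widened gap slip past the old check.

```python
import re

# Added example (not OpenPDF's code): models the ByteRange check discussed in
# the issue on a small byte buffer that stands in for a PDF file.

# The unsigned gap may hold only the hex-string /Contents value (plus whitespace).
HEX_STRING = re.compile(rb"^\s*<[0-9A-Fa-f]*>\s*$")

def signed_bytes(byte_range, data):
    """Bytes the signature actually covers: the two signed parts, concatenated."""
    o1, l1, o2, l2 = byte_range
    return data[o1:o1 + l1] + data[o2:o2 + l2]

def covers_whole_document_old(byte_range, data):
    """Check as described in the issue: only the last ByteRange pair is used."""
    return byte_range[2] + byte_range[3] == len(data)

def covers_whole_document_new(byte_range, data):
    """Proposed check: first part starts at 0, parts do not overlap, the three
    parts together span the whole file, and the gap holds only the signature."""
    if len(byte_range) != 4 or any(v < 0 for v in byte_range):
        return False
    o1, l1, o2, l2 = byte_range
    gap_start, gap_end = o1 + l1, o2
    if o1 != 0 or gap_start > gap_end:
        return False
    if l1 + (gap_end - gap_start) + l2 != len(data):
        return False
    return HEX_STRING.fullmatch(data[gap_start:gap_end]) is not None

# Constructed sample "file": a signed prefix, the signature value, a signed suffix.
HEAD = b"%PDF-1.4\n1 0 obj<</Type/Sig/Contents "
SIG = b"<" + b"AB" * 16 + b">"
TAIL = b">>endobj\ntrailer<</Root 2 0 R>>\n%%EOF\n"
GOOD = HEAD + SIG + TAIL
GOOD_RANGE = [0, len(HEAD), len(HEAD) + len(SIG), len(TAIL)]

# Same signed parts, but the unsigned gap has been widened to carry an extra
# object; the ByteRange is adjusted so the last pair still ends at EOF.
INJECTED = b"\n9 0 obj<</Injected true>>endobj\n"
WRAPPED = HEAD + SIG + INJECTED + TAIL
WRAPPED_RANGE = [0, len(HEAD), len(HEAD) + len(SIG) + len(INJECTED), len(TAIL)]

if __name__ == "__main__":
    assert signed_bytes(GOOD_RANGE, GOOD) == signed_bytes(WRAPPED_RANGE, WRAPPED)
    print("old:", covers_whole_document_old(GOOD_RANGE, GOOD),
          covers_whole_document_old(WRAPPED_RANGE, WRAPPED))   # True True
    print("new:", covers_whole_document_new(GOOD_RANGE, GOOD),
          covers_whole_document_new(WRAPPED_RANGE, WRAPPED))   # True False
```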