Oracle already wins 'crypto bug of the year' with Java digital signature bypass

2022-04-20 20:11

Java versions 15 to 18 contain a flaw in its ECDSA signature validation that makes it trivial for miscreants to digitally sign files and other data as if they were legit organizations.

Java 15-18 ECDSA doesn't sanity check that the random x coordinate and signature proof are nonzero; a signature validates any message.

The bug was introduced when part of Java 15's signature-verification code was rewritten from its native C++ into Java itself - including the ECDSA verification code.

To verify a signature, the code performs some math involving a hash of the data, the public key of whichever organization or person digitally signed the data, r, and s; one side of the equation uses r, the other s. Both sides of this computation must equal for the signature check to pass.

If the signature check fails, that likely means whoever signed the data isn't who they say they are and the data shouldn't be trusted.

The bug arose because the original C++ code checked that both r and s are non-zero, and wouldn't accept the signature if they were.

News URL

https://go.theregister.com/feed/www.theregister.com/2022/04/20/java_authentication_bug/

#bypass #crypto #digital #java #oracle

Related vendor

VENDOR	LAST 12M	#/PRODUCTS	LOW	MEDIUM	HIGH	CRITICAL	TOTAL VULNS
Oracle		781	388	3148	2078	432	6046