When verifying signatures with X509 certificate validation turned off and HMAC shared secret set (signxml.XMLVerifier.verify(require_x509=False, hmac_key=...), prior versions of SignXML are vulnerable to a potential algorithm confusion attack. Unless the user explicitly limits the expected signature algorithms using the signxml.XMLVerifier.verify(expect_config=...) setting, an attacker may supply a signature unexpectedly signed with a key other than the provided HMAC key, using a different (asymmetric key) signature algorithm.
Starting with signxml 4.0.4, specifying hmac_key causes the set of accepted signature algorithms to be restricted to HMAC only, if not already restricted by the user.
ahacker1-securesaml Reporter
When verifying signatures with X509 certificate validation turned off and HMAC shared secret set (
signxml.XMLVerifier.verify(require_x509=False, hmac_key=...), prior versions of SignXML are vulnerable to a potential algorithm confusion attack. Unless the user explicitly limits the expected signature algorithms using thesignxml.XMLVerifier.verify(expect_config=...)setting, an attacker may supply a signature unexpectedly signed with a key other than the provided HMAC key, using a different (asymmetric key) signature algorithm.Starting with signxml 4.0.4, specifying
hmac_keycauses the set of accepted signature algorithms to be restricted to HMAC only, if not already restricted by the user.