The XML Signature specification allows for HMAC truncation, which may allow a remote attacker to bypass authentication.
This issue was disclosed to the public a few minutes ago [1].

If you are a Carbon 1.5.1 base product user, please apply the security fix available at [2]. Also, please note that this issue is *NOT* present in the Carbon 2.0.0 base releases done recently.

Thanks & regards.
-Prabath

[1]: http://www.kb.cert.org/vuls/id/466161
[2]: http://dist.wso2.org/products/carbon/1.5.1/service_pack/WSO2-CARBON-1.5.1-SERVICE-PACK-1.zip
[3]: https://www.wso2.org/downloads/carbon/security_hot_fix
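The acceptance check a verifier needs for the truncation issue described above, as an added example that is not part of the original message or of the WSO2 fix. It assumes the minimum from the revised XML Signature specification (the larger of 80 bits and half the hash output length); the function names and sample documents are constructed for illustration.

```python
import xml.etree.ElementTree as ET

DS = "http://www.w3.org/2000/09/xmldsig#"
MORE = "http://www.w3.org/2001/04/xmldsig-more#"
# Hash output size in bits for each HMAC SignatureMethod algorithm URI.
HMAC_BITS = {DS + "hmac-sha1": 160, MORE + "hmac-sha256": 256,
             MORE + "hmac-sha384": 384, MORE + "hmac-sha512": 512}

def check_hmac_output_length(xml_text):
    """Return (accepted, reason) for the ds:SignatureMethod in xml_text."""
    # For untrusted documents, parse with a hardened XML parser instead.
    root = ET.fromstring(xml_text)
    method = next(root.iter(f"{{{DS}}}SignatureMethod"), None)
    if method is None:
        return False, "no SignatureMethod"
    hash_bits = HMAC_BITS.get(method.get("Algorithm"))
    if hash_bits is None:
        return True, "not an HMAC method, nothing to check here"
    length = method.find(f"{{{DS}}}HMACOutputLength")
    if length is None:
        return True, "no truncation requested"
    try:
        bits = int((length.text or "").strip())
    except ValueError:
        return False, "HMACOutputLength is not an integer"
    # Assumed policy: at least 80 bits and at least half the hash output.
    minimum = max(80, hash_bits // 2)
    if bits < minimum:
        return False, f"truncated to {bits} bits, minimum is {minimum}"
    if bits > hash_bits:  # defensive choice made by this example
        return False, f"{bits} bits exceeds the {hash_bits}-bit hash output"
    return True, f"{bits}-bit truncation accepted"

def sample_signed_info(algorithm, bits=None):
    """Build a constructed ds:SignedInfo fragment for the demo."""
    inner = "" if bits is None else f"<ds:HMACOutputLength>{bits}</ds:HMACOutputLength>"
    return (f'<ds:SignedInfo xmlns:ds="{DS}">'
            f'<ds:SignatureMethod Algorithm="{algorithm}">{inner}</ds:SignatureMethod>'
            f'</ds:SignedInfo>')

if __name__ == "__main__":
    for alg, bits in [(DS + "hmac-sha1", 0), (DS + "hmac-sha1", 80),
                      (MORE + "hmac-sha256", 80), (MORE + "hmac-sha256", None)]:
        result = check_hmac_output_length(sample_signed_info(alg, bits))
        print(alg.rsplit("#", 1)[1], bits, result)
```

Run the check before computing or comparing the HMAC, so a signature that declares a too-short output length is rejected regardless of its value.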
