CVE-2025-4658
13.05.2025, 17:16
Versions of the OpenPubkey library prior to 0.10.0 contained a vulnerability that would allow a specially crafted JWS to bypass signature verification. As OPKSSH depends on the OpenPubkey library for authentication, this vulnerability in OpenPubkey also applies to OPKSSH versions prior to 0.5.0 and would allow an attacker to bypass OPKSSH authentication.
Vendor | Product | Version |
---|---|---|
openpubkey | openpubkey | 𝑥 < 0.10.0 |
openpubkey | opkssh | 𝑥 < 0.5.0 |
𝑥 = Vulnerable software versions
Common Weakness Enumeration
- CWE-305 - Authentication Bypass by Primary Weakness: The authentication algorithm is sound, but the implemented mechanism can be bypassed as the result of a separate weakness that is primary to the authentication error.
- CWE-347 - Improper Verification of Cryptographic Signature: The software does not verify, or incorrectly verifies, the cryptographic signature for data.