Sun Alert 270475 A Security Vulnerability in the Java Runtime Environment With Verifying HMAC Digests may Allow Authentication to be Bypassed

Exploits:

font size: decrease font size increase font size
Rate this article
View Comments
Related content

Product: Java Platform, Standard Edition (Java SE) A security vulnerability in the Java Runtime Environment with verifying HMAC digests may allow authentication to be bypassed. This could allow a user to forge a digital signature that would be accepted as valid. Applications that validate HMAC-based digital signatures may be vulnerable to this type of attack.Note: This vulnerability cannot be exploited by an untrusted applet or Java Web Start application. Sun acknowledges, with thanks, Coda Hale for bringing this issue to ...

Product: Java Platform, Standard Edition (Java SE)

A security vulnerability in the Java Runtime Environment with verifying HMAC digests may allow authentication to be bypassed. This could allow a user to forge a digital signature that would be accepted as valid. Applications that validate HMAC-based digital signatures may be vulnerable to this type of attack.

Note: This vulnerability cannot be exploited by an untrusted applet or Java Web Start application.

Sun acknowledges, with thanks, Coda Hale for bringing this issue to our attention.

State: Resolved

First released: 03-Nov-2009

Sun Alert Link: http://sunsolve.sun.com/search/document.do?assetkey=1-66-270475-1

Read Full Article

Written on Monday, 02 November 2009 19:00 by

Viewed 15 times so far.
Like this? Tweet it to your followers!

Published in Subscribe to the RSS feed of Network Security & Hacking News Network Security & Hacking News / Subscribe to the RSS feed of Global Security News Global Security News

Like this? Let your friends know now!

Rate this article

Latest articles from

Poker Faced? posted on Saturday, 21 November 2009 04:16
In "An Unstoppable Force Meets..." Haseeb writes about "we have just witnessed a monumental event…
Traffic Talk 8 Posted posted on Saturday, 21 November 2009 01:29
I just noticed that my 8th edition of Traffic Talk, titled How to use user-agent…
arstechnica: An introduction to the FBI's anti-cyber crime network posted on Saturday, 21 November 2009 03:59
arstechnica: An introduction to the FBI's anti-cyber crime network
Best of Application Security (Friday, Nov. 20) posted on Friday, 20 November 2009 21:57
Ten of Application Security industry's coolest, most interesting, important, and entertaining links from the past…
Pinch Media: Piracy in the App Store posted on Saturday, 21 November 2009 01:59
Pinch Media: Piracy in the App Store

Latest 'tweets' from GovernmentSecurity

News Update: Cyber war is coming, the impact could be huge: CBS News reports that cyber.. http://bit.ly/1tx1kr | #Security Link Monday, 09 November 2009 07:35
News Update: Tenable Network #Security Podcast - Episode 11: Welcome to the Tenable Netw.. http://bit.ly/2Iqd6G | Security Link Monday, 09 November 2009 07:35
News Update: Consent will be required for cookies in Europe: EDITORIAL: A law that dema.. http://bit.ly/3JYgip | #Security Link Monday, 09 November 2009 07:35
News Update: CBS 60 Minutes tackles cyber-terrorism: Could hackers get into the compute.. http://bit.ly/2d5Y21 | #Security Link Monday, 09 November 2009 07:35
Blog Update: We have launched the new GovernmentSecurity.org: We decided to launch th.. http://bit.ly/2G1SSF | #Security Link Saturday, 07 November 2009 17:38

blog comments powered by Disqus

back to top