OpenPubkey Library Signature Verification Bypass Vulnerability

Vulnerability

A vulnerability exists in the OpenPubkey library in versions prior to 0.10.0, allowing a specially crafted JSON Web Signature (JWS) to bypass signature verification. This issue also affects OPKSSH versions prior to 0.5.0, as OPKSSH relies on the OpenPubkey library for authentication. Exploiting this vulnerability could enable an attacker to bypass authentication in OPKSSH.

Impact

Bypassing authentication in OPKSSH, which could allow unauthorized access to systems or services that rely on OPKSSH for authentication via OpenID Connect identities.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

5.0

exploitability

4.7

remediation

7.7

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

5.0

exploitability

4.7

remediation

7.7

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

OpenPubkey Library Signature Verification Bypass Vulnerability

Vulnerability

Impact

Affected Products

OpenPubkey

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating