SignXML Algorithm Confusion Vulnerability in HMAC Signature Verification

Vulnerability

A vulnerability exists in SignXML, a Python library for XML signature processing, in versions prior to 4.0.4. When a signature is verified with X509 certificate validation disabled and an HMAC shared secret supplied, the library is susceptible to an algorithm confusion attack: because the library does not, by default, restrict which signature algorithms it accepts, a signature produced with a different, asymmetric signature algorithm can pass verification instead of the expected HMAC signature, potentially leading to unauthorized actions or bypassed security controls.

Impact

Exploitation of this vulnerability results in an algorithm confusion attack: the attacker steers signature verification onto a signature algorithm the verifier did not expect, potentially bypassing security measures that rely on the signature and causing unauthorized actions.

Reproduction

To reproduce this vulnerability, verify an XML signature using the SignXML library's XMLVerifier class with X509 certificate validation disabled and an HMAC key provided. If the expected signature algorithms are not explicitly limited, a signature produced with a different, asymmetric key algorithm is accepted, which is the algorithm confusion condition described above.

Remediation

Users can upgrade to SignXML version 4.0.4 or later, where the vulnerability has been addressed. In addition, when using HMAC keys, it is recommended to explicitly restrict the expected signature algorithms to HMAC only, if that is not already done.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 1.3
exploitability: 7.4
remediation: 7.7
relevance: 0.0
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.