jsrsasign Improper Verification of Cryptographic Signature Vulnerability in DSA Domain-Parameter Validation

A vulnerability exists in the jsrsasign package, specifically in versions prior to 11.1.1, due to improper validation of DSA domain parameters during signature verification. This flaw allows an attacker to forge DSA signatures or X.509 certificates that are accepted by the X509.verifySignature() method. The vulnerability arises because the DSA verification process does not check that the domain parameters are valid, enabling the creation of signatures that bypass security checks.

Impact

Exploitation of this vulnerability allows for universal forgery of DSA signatures, which can be used to create fraudulent X.509 certificates that are accepted by verification processes. This could lead to unauthorized actions or impersonation in systems that rely on such certificates.

Reproduction

The vulnerability can be reproduced by creating a DSA public key with malicious domain parameters: g=1, y=1, and a fixed r=1. This can be done using the jsrsasign library by setting these values in the DSA public key import function. Once the key is set, a signature can be forged that will be accepted by the X509.verifySignature() method for any message hash.

Remediation

Users are advised to upgrade the jsrsasign package to version 11.1.1 or higher, where this vulnerability has been addressed.