Signature Wrapping Vulnerability in OSCI-Transport 1.2

Signature Wrapping Vulnerability in OSCI-Transport 1.2

CVE-2017-10669 · MEDIUM Severity

AV:N/AC:L/AU:N/C:P/I:P/A:N

Signature Wrapping exists in OSCI-Transport 1.2 as used in OSCI Transport Library 1.6.1 (Java) and OSCI Transport Library 1.6 (.NET). An attacker with access to unencrypted OSCI protocol messages must send crafted protocol messages with duplicate IDs.

Learn more about our Web Application Penetration Testing UK.