Our investigation leverages dynamic symbolic execution to systematically analyze the signature verification logic in different implementations. We have released our toolchain and relevant artifacts. This research has resulted in 6 new CVEs (3 high and 3 medium severity) being assigned, and vendors were notified to harden their signature verification code. This briefing will conclude with a discussion on why such flaws happened and how to avoid similar mistakes.
By: Sze Yiu Chau
Full Abstract & Presentation Materials: https://www.blackhat.com/us-19/briefings/schedule/#a-decade-after-bleichenbacher--rsa-signature-forgery-still-works-16143