CVE-2024-32962
Published: 02 May 2024
Summary
CVE-2024-32962 is a critical-severity Improper Verification of Cryptographic Signature (CWE-347) vulnerability in W3 (inferred from references). Its CVSS base score is 10.0 (Critical).
Operationally, it is ranked in the top 5.7% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
Deeper analysis
xml-crypto is an XML digital signature and encryption library for Node.js. In versions 4.0.0 through 5.x the default configuration performs only signature validity checks per the xmldsig-core specification and does not verify signer authorization. It therefore accepts any certificate supplied inside a signed document’s <KeyInfo> element, even when the caller has explicitly configured a publicCert for verification. The flaw was introduced by changes in commit c2b83f98 and is tracked as CWE-347.
An unauthenticated network attacker can exploit the issue by taking a legitimately signed XML document, replacing its signature with one generated under an attacker-controlled key, and embedding the corresponding certificate in <KeyInfo>. Because xml-crypto prefers the certificate found in the document over any configured publicCert, the tampered document passes validation, allowing the attacker to spoof signatures and potentially alter authorization decisions or data that rely on the library’s result.
The project’s security advisory GHSA-2xp3-57p7-qf4v recommends upgrading to version 6.0.0, which contains the fix (commit 21201723). Users who cannot upgrade are advised either to supply a getCertFromKeyInfo callback that validates the extracted certificate against a trust store before accepting the result, or to set getCertFromKeyInfo to () => undefined so that only the explicitly configured publicCert or privateKey is used. The EPSS score has remained flat at 0.1337 since disclosure.
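One way to write the first workaround (a getCertFromKeyInfo callback that checks the embedded certificate against a trust store), as an added example rather than code from xml-crypto or its advisory. `pinnedKeyInfoResolver`, `derFingerprint` and the sample data are hypothetical names and constructed values, and the extractor passed in is assumed to be the library's default KeyInfo-to-PEM function.

```javascript
const crypto = require("crypto");

// SHA-256 over the DER bytes inside a PEM certificate. Hashing the decoded
// bytes makes the comparison independent of line wrapping and whitespace.
function derFingerprint(pem) {
  const b64 = pem.replace(/-----(BEGIN|END) CERTIFICATE-----/g, "").replace(/\s+/g, "");
  return crypto.createHash("sha256").update(Buffer.from(b64, "base64")).digest("hex");
}

// extractPem: function turning a <KeyInfo> node into a PEM string (assumption:
// the library's default extractor is passed in here).
// trustedPems: certificates of the signers the application accepts.
function pinnedKeyInfoResolver(extractPem, trustedPems) {
  const pins = new Set(trustedPems.map(derFingerprint));
  return function getCertFromKeyInfo(keyInfo) {
    const pem = extractPem(keyInfo);
    if (!pem) return undefined; // nothing embedded: configured publicCert is used
    if (!pins.has(derFingerprint(pem))) {
      throw new Error("certificate in <KeyInfo> is not in the trust store");
    }
    return pem;
  };
}

// Constructed stand-in data: arbitrary bytes in PEM armor, not real certificates.
const toPem = (bytes, width) =>
  "-----BEGIN CERTIFICATE-----\n" +
  Buffer.from(bytes).toString("base64").match(new RegExp(`.{1,${width}}`, "g")).join("\n") +
  "\n-----END CERTIFICATE-----\n";
const trustedDer = "constructed trusted signer certificate bytes, long enough to wrap";
const attackerDer = "constructed attacker certificate bytes";

// Stub extractor for the demo; a real one reads X509Certificate from the node.
const resolver = pinnedKeyInfoResolver((keyInfo) => keyInfo && keyInfo.pem, [toPem(trustedDer, 64)]);

function demo() {
  const accepted = resolver({ pem: toPem(trustedDer, 20) }); // same cert, different wrapping
  let rejected = false;
  try { resolver({ pem: toPem(attackerDer, 64) }); } catch { rejected = true; }
  return { accepted: accepted !== undefined, rejected, fallback: resolver(null) };
}
console.log(demo());
```

The trusted PEMs should come from local configuration, never from the document being verified.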
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2024-1373
Vulnerability details
xml-crypto is an XML digital signature and encryption library for Node.js. In affected versions the default configuration does not check authorization of the signer; it only checks the validity of the signature per section 3.2.2 of the W3 xmldsig-core-20080610 spec. As such, without additional validation steps, the default configuration allows a malicious actor to re-sign an XML document, place the certificate in a `<KeyInfo />` element, and pass `xml-crypto` default validation checks. As a result, `xml-crypto` trusts by default any certificate provided via a digitally signed XML document's `<KeyInfo />`. `xml-crypto` prefers to use any certificate provided via a digitally signed XML document's `<KeyInfo />` even if the library was configured to use a specific certificate (`publicCert`) for signature verification purposes. An attacker can spoof signature verification by modifying the XML document, replacing the existing signature with a signature generated with a malicious private key (created by the attacker), and attaching that private key's certificate to the `<KeyInfo />` element. This vulnerability is a combination of changes introduced in `4.0.0` with pull request 301 / commit `c2b83f98` and has been addressed in version 6.0.0 with pull request 445 / commit `21201723d`. Users are advised to upgrade. Users unable to upgrade may either check the certificate extracted via `getCertFromKeyInfo` against trusted certificates before accepting the results of the validation or set `xml-crypto`'s `getCertFromKeyInfo` to `() => undefined`, forcing `xml-crypto` to use an explicitly configured `publicCert` or `privateKey` for signature verification.
- CWE(s)
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
Likely Mitigating Controls AI
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.
Requires verification of digital signatures using organization-approved certificates before installation, directly preventing improper verification of cryptographic signatures.
Component authenticity commonly depends on cryptographic signatures; the control enforces proper verification of those signatures.
PKI certificates under an approved policy require cryptographic signature verification on issuance and validation.
Requires cryptographic signatures on authoritative data and support for verifying the chain of trust.
Mandates verification of cryptographic signatures (e.g., DNSSEC RRSIG) on resolution responses, addressing missing or bypassed signature checks.
Integrity tools commonly rely on cryptographic signatures whose improper validation this weakness covers.
Authenticity validation commonly relies on cryptographic signature or certificate checks that this control enforces.