RSA Signature Verification Vulnerability in phpseclib by phpseclib
CVE-2021-30130

7.5HIGH

Key Information:

Vendor: PHPseclib
Status: PHPseclib
Vendor: CVE Published:; 6 April 2021

What is CVE-2021-30130?

The phpseclib library versions prior to 2.0.31 and 3.x before 3.0.7 improperly handle RSA PKCS#1 v1.5 signature verification, which can lead to potential security risks. This flaw could allow attackers to bypass signature checks, compromising the integrity of cryptographic verification processes. It is essential for users and developers to update to the latest versions to mitigate any risks associated with this vulnerability.

References

https://github.com/phpseclib/phpseclib/pull/1635

https://github.com/phpseclib/phpseclib/releases/tag/3.0.7

https://github.com/phpseclib/phpseclib/releases/tag/2.0.31

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 6, 2021
Vulnerability Reserved
Apr 5, 2021

CVE-2021-30130 Data

JSON

PHPseclib

What is CVE-2021-30130?

References

CVSS V3.1

Timeline