RSA PKCS#1 v1.5 signature verification code is not properly checking DigestInfo
for a proper ASN.1 structure. This can lead to successful verification with signatures that contain invalid structures but a valid digest.
The issue has been addressed in node-forge
1.3.0
.
If you have any questions or comments about this advisory: * Open an issue in forge * Email us at example email address