Mono-Project Information for VU#466161

XML signature HMAC truncation authentication bypass

Status

Affected

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

Our implementation is vulnerable and a new version* of Mono 2.4.2.2 will be available on (or soon after) July 14th 2PM EST.

The information about this vulnerability will be added to
http://www.mono-project.com/Vulnerabilities
at the same time.

Vendor References

http://www.mono-project.com/Vulnerabilities

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.