39 lines
1.0 KiB
Plaintext
39 lines
1.0 KiB
Plaintext
include::../common/rationale.adoc[]
|
|
|
|
== Why is this an issue?
|
|
|
|
include::../common/description.adoc[]
|
|
|
|
=== What is the potential impact?
|
|
|
|
include::../common/impact.adoc[]
|
|
|
|
include::./how-to-fix/net-core.adoc[]
|
|
|
|
== Resources
|
|
|
|
=== Documentation
|
|
|
|
* Microsoft Learn - https://learn.microsoft.com/en-us/dotnet/api/system.security.cryptography.xml[System.Security.Cryptography.Xml Namespace]
|
|
* Microsfot Learn - https://learn.microsoft.com/en-us/dotnet/standard/security/how-to-verify-the-digital-signatures-of-xml-documents[How to: Verify the Digital Signatures of XML Documents]
|
|
|
|
include::../common/resources/standards.adoc[]
|
|
|
|
ifdef::env-github,rspecator-view[]
|
|
|
|
'''
|
|
== Implementation Specification
|
|
(visible only on this page)
|
|
|
|
=== Message
|
|
|
|
Change this code to only accept signatures computed from a trusted party.
|
|
|
|
=== Highlight
|
|
|
|
The call to the signature verification function:
|
|
* System.Security.Cryptography.Xml.SignedXml.CheckSignature
|
|
* System.Security.Cryptography.Xml.SignedXml.CheckSignatureReturningKey
|
|
|
|
'''
|
|
endif::env-github,rspecator-view[] |