[Esapi-dev] HMAC validation bypass in ESAPI Symetric Encryption
pcardina at yahoo.fr
Mon Dec 2 22:10:01 UTC 2013
Do you have a tentative release date for this 2.1.1
version yet? Is there any mitigation strategy to prevent attacks on the
cipher text when the HMAC has been bypassed? For example not using CBC
for the encrypted text (to prevent padding oracle)?
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Esapi-dev