CVE-2022-21449

This repository contains a proof-of-concept for CVE-2022-21449, demonstrating a TLS signature validation bypass in Java. The PoC includes a modified Go TLS server that presents invalid ECDSA signatures (r = s = 0) and a vulnerable Java client that accepts them.

This repository contains a Python script and a Bash script to scan Java archives (JAR, WAR, etc.) for the presence of the 'withECDSA' string, indicating potential vulnerability to CVE-2022-21449. It does not exploit the vulnerability but helps identify affected files.

This repository provides a Zeek script to detect exploitation attempts of CVE-2022-21449, a vulnerability in TLS clients (Java-based) where null signatures can bypass authentication. It includes installation and usage instructions, along with example output.

This PoC tests for CVE-2022-21449, a vulnerability in Java's ECDSA signature verification that allows an empty signature to be accepted as valid. It generates a key pair, attempts to verify an empty signature, and reports whether the JVM is vulnerable.

This repository contains a comprehensive JWT security testing toolkit with functional exploit code for multiple CVEs, including CVE-2022-21449 (Psychic Signature). It includes modules for analyzing, cracking, forging, and exploiting JWT vulnerabilities with specific attack implementations.

This repository is a writeup and reference collection for CVE-2022-21449, a Java cryptographic vulnerability. It includes acknowledgments, references, and links to external resources but does not contain exploit code.

This repository demonstrates CVE-2022-21449, a vulnerability in Java's ECDSA signature verification that allows bypassing JWT token validation using zeroed signatures (r=0, s=0). It includes a Spring Boot application to test valid and fake JWT tokens.

This repository contains a Python implementation of CVE-2022-21449, demonstrating ECDSA vulnerability exploitation with tools for elliptic curve operations, ECIES encryption, and key generation.

This PoC generates a base64 signature for applications vulnerable to 'psychic signatures in Java' (CVE-2022-21449) by exploiting a flaw in JWT signature validation. It uses a modified elliptic library to create a signature that bypasses validation, demonstrating an authentication bypass vulnerability.

This repository contains a Java-based PoC for CVE-2022-21449, demonstrating an authentication bypass vulnerability in Oracle Java SE 17.0.0. The exploit leverages a flaw in the ECDSA signature verification process, allowing arbitrary input to be accepted as valid.

This PoC demonstrates CVE-2022-21449, a vulnerability in Java's ECDSA signature verification that allows for 'psychic signatures' (accepting invalid signatures). The code generates or loads an EC key pair, signs a message, and verifies both valid and attacker-provided signatures to show the flaw.

This PoC demonstrates CVE-2022-21449, a vulnerability in Java's ECDSA signature verification where blank signatures are incorrectly validated. The test case shows that a blank signature should not be valid but may pass verification due to the flaw.