POC files: https://www.pdf-insecurity.org/signature/viewer.html And most of the ... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		hannob on March 6, 2019 \| parent \| context \| favorite \| on: How to Spoof PDF Signatures POC files: https://www.pdf-insecurity.org/signature/viewer.html And most of the readers you mention don't support signature verification - so they're perfectly secure from this attack ;-)

leni536 on March 6, 2019 [–]

pdfsig from poppler-utils is vulnerable to SWA. I expect any poppler based pdf readers (that actually bothers with signatures) to have the same vulnerability.

edit: mutool sign is also vulnerable to SWA.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact