LOL of the day: "you have to send us this XML file whose contents match the following MD5 Sum"

Hm, I guess I'll have to figure out where I can safely pad the file to force the collision, right?

No! I can put the given MD5 digest in an <MD5> XML element and it's accepted as valid regardless of the actual file contents!


Is there a CWE for "missed the point of the control entirely"?
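Added example, not part of the original post and not the code of the system it describes: a minimal Python sketch of the flaw, a validator that trusts the digest carried in the file's own `<MD5>` element, next to a check that hashes the bytes actually received. The sample documents, element names other than `<MD5>`, and function names are constructed for illustration.

```python
import hashlib
import hmac
import xml.etree.ElementTree as ET

# Constructed sample data; element names other than <MD5> are hypothetical.
ORIGINAL = b"<order><item>widget</item><qty>1</qty></order>"
EXPECTED_MD5 = hashlib.md5(ORIGINAL).hexdigest()  # digest the receiver was told to expect

# A different document that simply carries the expected digest inside itself.
SUBSTITUTE = (
    b"<order><MD5>" + EXPECTED_MD5.encode() + b"</MD5>"
    b"<item>something else</item><qty>9999</qty></order>"
)


def embedded_digest_check(xml_bytes, expected_md5):
    """Flawed check as described: trusts the digest the file claims for itself."""
    claimed = ET.fromstring(xml_bytes).findtext(".//MD5")
    return claimed is not None and claimed.strip().lower() == expected_md5.lower()


def content_digest_check(xml_bytes, expected_md5):
    """Check bound to the content: hash the received bytes, then compare."""
    actual = hashlib.md5(xml_bytes).hexdigest()
    return hmac.compare_digest(actual, expected_md5.lower())


def compare_checks():
    """Return (embedded-digest result, content-digest result) per sample document."""
    return {
        "original": (embedded_digest_check(ORIGINAL, EXPECTED_MD5),
                     content_digest_check(ORIGINAL, EXPECTED_MD5)),
        "substitute": (embedded_digest_check(SUBSTITUTE, EXPECTED_MD5),
                       content_digest_check(SUBSTITUTE, EXPECTED_MD5)),
    }


if __name__ == "__main__":
    for name, (embedded, bound) in compare_checks().items():
        print(f"{name}: embedded-digest check={embedded}, content-digest check={bound}")
```

The embedded-digest check accepts the substituted document and rejects the genuine one, which is the inverse of what an integrity control is for; only the digest computed over the received bytes says anything about the content.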
