LOL of the day: "you have to send us this XML file whose contents match the following MD5 Sum"
Hm, I guess I'll have to figure out where I can safely pad the file to force the collision, right?
No! I can put the given MD5 digest in an <MD5> XML element and it's accepted as valid regardless of the actual file contents!
Is there a CWE for "missed the point of the control entirely"?
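The failure described in the post, as an added example that is not part of the original post: a check that trusts the digest a file claims for itself, next to one that hashes the bytes actually received. The sample documents, the position of the `<MD5>` element and the function names are assumptions made for illustration.

```python
import hashlib
import hmac
import xml.etree.ElementTree as ET

# Constructed sample: the file the sender was asked to deliver.
ORIGINAL = b"<order><item>widget</item><qty>1</qty></order>"
# Digest published out of band for that file. MD5 is used only because
# the control described in the post specifies it.
EXPECTED_MD5 = hashlib.md5(ORIGINAL).hexdigest()

# Constructed altered file: different contents, with the published digest
# copied into an <MD5> element (element position is an assumption).
ALTERED = (
    b"<order><item>widget</item><qty>9999</qty><MD5>"
    + EXPECTED_MD5.encode()
    + b"</MD5></order>"
)


def flawed_check(data: bytes, expected_md5: str) -> bool:
    """Assumed shape of the broken control: compares the digest the file
    asserts about itself and never hashes the contents."""
    claimed = ET.fromstring(data).findtext("MD5", default="")
    return hmac.compare_digest(
        claimed.strip().lower().encode(), expected_md5.lower().encode()
    )


def content_check(data: bytes, expected_md5: str) -> bool:
    """Hashes the received bytes and ignores any self-asserted value."""
    actual = hashlib.md5(data).hexdigest()
    return hmac.compare_digest(actual.encode(), expected_md5.lower().encode())


if __name__ == "__main__":
    for name, doc in (("original", ORIGINAL), ("altered", ALTERED)):
        print(name,
              "flawed:", flawed_check(doc, EXPECTED_MD5),
              "content:", content_check(doc, EXPECTED_MD5))
```

The expected digest has to reach the verifier through a channel the sender of the file does not control; a value carried inside the file only tells the verifier what the sender wants it to believe.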