The ECDSA signature verification from java 15 onward accecpted completely blank signatures as valid for an arbitrary message and public key.
The ECDSA signature verification from java 15 onward accecpted completely blank signatures as valid for an arbitrary message and public key.
https://neilmadden.blog/2022/04/19/psychic-signatures-in-java/ https://openjdk.java.net/groups/vulnerability/advisories/2022-04-19