Java Psychic Signatures: Completely broken ECDSA implementation accepts any signature including a blank one in Java 15-18. Breaks JWT verification (ES256/ES384/ES512), TLS client auth, and code signing. Update JDK immediately. Audit all JWT libraries using Java crypto for ECDSA.
A faulty implementation of the Elliptic Curve Digital Signature Algorithm (ECDSA) in Java 15-18 allows attackers to forge any signature by sending a blank signature (the "Psychic Signatures in Java" flaw).
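A range check that can sit in front of ES256 verification, as an added example that is not from the original page or from any JWT library. The class and method names are hypothetical, and it assumes "blank" means r and s equal to zero in the raw 64-byte R||S encoding that JWS uses.

```java
import java.math.BigInteger;
import java.nio.charset.StandardCharsets;
import java.util.Arrays;
import java.util.Base64;

// Added example: hypothetical class, not part of the JDK or any JWT library.
public class EcdsaRangeGate {
    // Order n of the NIST P-256 group, the curve behind ES256.
    static final BigInteger N = new BigInteger(
        "FFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551", 16);

    // True only for a 64-byte R||S pair with 1 <= r <= n-1 and 1 <= s <= n-1.
    // Passing this gate does not make a signature valid; verify it afterwards.
    static boolean inRange(byte[] sig) {
        if (sig == null || sig.length != 64) return false;
        BigInteger r = new BigInteger(1, Arrays.copyOfRange(sig, 0, 32));
        BigInteger s = new BigInteger(1, Arrays.copyOfRange(sig, 32, 64));
        return r.signum() > 0 && s.signum() > 0
            && r.compareTo(N) < 0 && s.compareTo(N) < 0;
    }

    // Gate for a compact JWS (header.payload.signature) before verification.
    static boolean signatureWellFormed(String jws) {
        String[] parts = jws.split("\\.", -1);
        if (parts.length != 3) return false;
        try {
            return inRange(Base64.getUrlDecoder().decode(parts[2]));
        } catch (IllegalArgumentException e) {
            return false; // third segment is not base64url
        }
    }

    public static void main(String[] args) {
        Base64.Encoder enc = Base64.getUrlEncoder().withoutPadding();
        // Constructed sample token parts, not taken from any real system.
        String signingInput = enc.encodeToString("{\"alg\":\"ES256\"}".getBytes(StandardCharsets.UTF_8))
            + "." + enc.encodeToString("{\"sub\":\"demo\"}".getBytes(StandardCharsets.UTF_8));
        byte[] blank = new byte[64];              // r = 0, s = 0
        byte[] rIsN = new byte[64];               // r = n, s = 1
        System.arraycopy(N.toByteArray(), 1, rIsN, 0, 32); // skip the sign byte
        rIsN[63] = 1;
        byte[] shaped = new byte[64];             // r = 1, s = 1: in range only
        shaped[31] = 1; shaped[63] = 1;
        for (byte[] sig : new byte[][] { blank, rIsN, shaped }) {
            System.out.println(signatureWellFormed(signingInput + "." + enc.encodeToString(sig)));
        }
        System.out.println(signatureWellFormed(signingInput + ".")); // empty segment
    }
}
```

The gate only rejects out-of-range values before verification; updating the JDK remains the fix.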