Security Researchers Warn of XML Vulnerability

Download our in-depth report: The Ultimate Guide to IT Security Vendors

SHARE
Share it on Twitter  
Share it on Facebook  
Share it on Google+
Share it on Linked in  
Email  

Security researchers have uncovered a vulnerability in XML encryption that can be used to decrypt sensitive data.

"XML Encryption is used for securing communications between Web services by many companies, including IBM, Microsoft and Red Hat," writes Computerworld's Lucian Constantin. "Researchers Juraj Somorovsky and Tibor Jager from the Ruhr University of Bochum (RUB) in Germany, devised an attack that decrypts data secured with the DES (Data Encryption Standard) or the AES (Advanced Encryption Standard) in CBC (cipher block chaining) mode."

"The researchers claim that there is no simple fix for the problem and the standard needs to be changed," Constantin writes.

Go to "Widely used encryption standard is insecure, say experts" to read the details.

For regular security news updates, follow eSecurityPlanet on Twitter: @eSecurityP.

Submit a Comment

Loading Comments...