XML signature element wrapping attacks and countermeasures

Abstract

Naïve use of XML Signature may result in signed documents remaining vulnerable to undetected modification by an adversary. In the typical usage of XML Signature to protect SOAP messages, an adversary may be capable of modifying valid messages in order to gain unauthorized access to protected resources. This paper describes the general vulnerability and several related exploits, and proposes appropriate countermeasures. While the attacks described herein may seem obvious to security experts once they are explained, effective countermeasures require careful security policy specification and correct implementation by signed message providers and consumers. Since these implementers are not always security experts, this paper provides the guidance necessary to prevent these attacks. Copyright 2005 ACM.