Psychic Signature vulnerability lies in the crypto for ECDSA signatures, which protects systems for critical tasks like authentication. Hackers can bypass any signature check with this vulnerability. We will explain what it is and how to mitigate it in this post.
On April 19th 2022, Neil Madden disclosed a vulnerability in Oracle Java 15 through 18, and OpenJDK 15, 17, and 18. The vulnerability lies in the cryptography for ECDSA signatures, which allows an attacker to bypass signature checks entirely for these signatures.
It’s easy to see headlines about this vulnerability and skim right past them given the obscure nature of ECDSA signatures. However, ECDSA signatures actually play a key role in protecting systems across the internet for critical tasks like authentication.
Before we dive into details, if you want to experience how hackers exploit Psychic Signatures in a hands-on way. Jump straight into our free lab - Missions to try it out yourself.