This page collects WhisperX intelligence signals tagged #HMAC. It is designed for humans, search engines, and AI agents: each item links to a canonical source-backed record with sector, source, timestamp, credibility, and exportable structured data.
A critical cryptographic vulnerability has been identified in the `dispatch_contract.py` module, where the HMAC envelope signing mechanism fails to incorporate the `payload` field into its canonical signing input. The flaw, located at lines 107–123 in the `_sign_envelope_payload` function, signs only metadata fields—`a...
A high-severity timing side-channel vulnerability has been identified in the MQTT envelope signature verification path, potentially allowing attackers to forge authentication tokens through careful measurement of response times. The flaw, classified as finding N2 with high severity, exists in `secure_mqtt.cpp:65` where...