PDF Online Validation Services

Please note that we do not provide any exploit, due to the reason that the services are already fixed and thus it would not be possible to test the PoCs against any services.

Legend:

  • insecure - Application is vulnerable to the attack
  • secure - Application is not vulnerable to the attack
  • USF - Universal Signature Forgery
  • ISA - Incremental Saving Attack
  • SWA - Signature Wrapping Attack
  • - It was not possible to evaluate this services, because we had no pdf document containing a signature which the service would trust.
Online Validation Service Version USF ISA SWA Fixed
DocuSign v1 REST API with PDFKit.NET 18.3.200.9768 secure insecure insecure not fixed yet
eTR Validation Service v 2.0.3 secure insecure insecure secure
DSS Demonstration WebApp WebApp 5.2 secure insecure secure not fixed yet
DSS Demonstration WebApp WebApp 5.4 secure secure secure secure
Evotrust 12.0.20 secure insecure secure not fixed yet
VEP.si 2017-06-26 secure insecure secure secure
SiVa Sample Application release-2.0.1 - - - -