Lucene search
GoogleOSV:CVE-2022-31053HistoryJun 13, 2022 - 8:15 p.m.
CVE-2022-31053
2022-06-1320:15:07
Google
osv.dev
2
biscuit
authentication
authorization
vulnerability
fix
v2
specification
algorithm
microservices
Biscuit is an authentication and authorization token for microservices architectures. The Biscuit specification version 1 contains a vulnerable algorithm that allows malicious actors to forge valid Γ-signatures. Such an attack would allow an attacker to create a token with any access level. The version 2 of the specification mandates a different algorithm than gamma signatures and as such is not affected by this vulnerability. The Biscuit implementations in Rust, Haskell, Go, Java and Javascript all have published versions following the v2 specification. There are no known workarounds for this issue.
Related
veracode
veracode
Insecure Cryptographic Function
2022-06-14 03:32:26
osv
osv
Signature forgery in github.com/biscuit-auth/biscuit-go
2022-08-15 18:02:15
Signature forgery in Biscuit
2022-06-17 00:38:03
Improper Verification of Cryptographic Signature
2023-06-19 21:35:33
prion
prion
Authentication flaw
2022-06-13 20:15:00
github
github
Signature forgery in Biscuit
2022-06-17 00:38:03
nvd
nvd
CVE-2022-31053
2022-06-13 20:15:07
cve
cve
CVE-2022-31053
2022-06-13 20:15:07
cvelist
cvelist
CVE-2022-31053 Signature forgery in Biscuit
2022-06-13 19:35:10