Improper Verification of Cryptographic Signature

The Biscuit specification version 1 contains a vulnerable algorithm that allows
malicious actors to forge valid Γ-signatures. Such an attack would allow an
attacker to create a token with any access level. The version 2 of the
specification mandates a different algorithm than gamma signatures and as such
is not affected by this vulnerability.