Lucene search
PRIOn knowledge basePRION:CVE-2024-21670HistoryJan 16, 2024 - 10:15 p.m.
Design/Logic Flaw
2024-01-1622:15:00
PRIOn knowledge base
www.prio-n.com
4
ursa
cryptographic library
privacy guarantees
anoncreds
verifiable credentials
revoked credentials
verification
end-of-life status
Ursa is a cryptographic library for use with blockchains. The revocation schema that is part of the Ursa CL-Signatures implementations has a flaw that could impact the privacy guarantees defined by the AnonCreds verifiable credential model, allowing a malicious holder of a revoked credential to generate a valid Non-Revocation Proof for that credential as part of an AnonCreds presentation. A verifier may verify a credential from a holder as being “not revoked” when in fact, the holder’s credential has been revoked. Ursa has moved to end-of-life status and no fix is expected.
Related
vulnrichment
vulnrichment
cve
cve
CVE-2024-21670
2024-01-16 22:15:45
cvelist
cvelist
nvd
nvd
CVE-2024-21670
2024-01-16 22:15:45
osv
osv
CVE-2024-21670
2024-01-16 22:15:45
github
github