
2003 matches found

Cvelist
added 2024/01/16 9:44 p.m. · 11 views

CVE-2024-22192 Ursa CL-Signatures Revocation allows verifiers to generate unique identifiers for holders

Ursa is a cryptographic library for use with blockchains. The revocation scheme that is part of the Ursa CL-Signatures implementations has a flaw that could impact the privacy guarantees defined by the AnonCreds verifiable credential model. Notably, a malicious verifier may be able to generate a...

CVSS 6.5 · AI score 6.6 · EPSS 0.0018
Exploits: 0 · References: 1

Vulnrichment
added 2024/01/16 9:44 p.m. · 2 views

CVE-2024-22192 Ursa CL-Signatures Revocation allows verifiers to generate unique identifiers for holders

Ursa is a cryptographic library for use with blockchains. The revocation scheme that is part of the Ursa CL-Signatures implementations has a flaw that could impact the privacy guarantees defined by the AnonCreds verifiable credential model. Notably, a malicious verifier may be able to generate a...

CVSS 6.5 · AI score 7 · EPSS 0.0018
Exploits: 0 · References: 1

OSV
added 2024/01/16 9:44 p.m. · 10 views

CVE-2024-22192 Ursa CL-Signatures Revocation allows verifiers to generate unique identifiers for holders

Ursa is a cryptographic library for use with blockchains. The revocation scheme that is part of the Ursa CL-Signatures implementations has a flaw that could impact the privacy guarantees defined by the AnonCreds verifiable credential model. Notably, a malicious verifier may be able to generate a...

CVSS 6.5 · AI score 6.5 · EPSS 0.0018
Exploits: 0 · References: 3

Vulnrichment
added 2024/01/16 9:44 p.m. · 16 views

CVE-2024-21670 CL-Signatures Revocation Scheme in Ursa has flaws that allow a holder to demonstrate non-revocation of a revoked credential

Ursa is a cryptographic library for use with blockchains. The revocation schema that is part of the Ursa CL-Signatures implementations has a flaw that could impact the privacy guarantees defined by the AnonCreds verifiable credential model, allowing a malicious holder of a revoked credential to...

CVSS 6.5 · AI score 6.7 · EPSS 0.0012
Exploits: 0 · References: 1

CVE
added 2024/01/16 9:44 p.m. · 58 views

CVE-2024-21670

The CVE-2024-21670 issue affects the Ursa CL-Signatures revocation scheme used in Hyperledger Ursa. The revocation schema contains a flaw that can let a malicious holder of a revoked credential generate a valid Non-Revocation Proof, causing a verifier to accept a credential as not revoked when it...

CVSS 8.1 · AI score 7.9 · EPSS 0.0012
Exploits: 0 · References: 1 · Affected Software: 1

Cvelist
added 2024/01/16 9:44 p.m. · 12 views

CVE-2024-21670 CL-Signatures Revocation Scheme in Ursa has flaws that allow a holder to demonstrate non-revocation of a revoked credential

Ursa is a cryptographic library for use with blockchains. The revocation schema that is part of the Ursa CL-Signatures implementations has a flaw that could impact the privacy guarantees defined by the AnonCreds verifiable credential model, allowing a malicious holder of a revoked credential to...

CVSS 6.5 · AI score 8.2 · EPSS 0.0012
Exploits: 0 · References: 1

OSV
added 2024/01/16 9:13 p.m. · 0 views

GHSA-R78F-4Q2Q-HVV4 CL-Signatures Revocation Scheme in Ursa has flaws that allow a holder to demonstrate non-revocation of a revoked credential

Summary The revocation schema that is part of the Ursa CL-Signatures implementations has a flaw that could impact the privacy guarantees defined by the AnonCreds verifiable credential model, allowing a malicious holder of a revoked credential to generate a valid Non-Revocation Proof for that...

CVSS 6.5 · AI score 7 · EPSS 0.0012
Exploits: 0 · References: 3

Github Security Blog
added 2024/01/16 9:13 p.m. · 41 views

CL-Signatures Revocation Scheme in Ursa has flaws that allow a holder to demonstrate non-revocation of a revoked credential

Summary The revocation schema that is part of the Ursa CL-Signatures implementations has a flaw that could impact the privacy guarantees defined by the AnonCreds verifiable credential model, allowing a malicious holder of a revoked credential to generate a valid Non-Revocation Proof for that...

CVSS 8.1 · AI score 6.3 · EPSS 0.0012
Exploits: 0 · References: 3 · Affected Software: 2

OSV
added 2024/01/16 9:13 p.m. · 2 views

GHSA-6698-MHXX-R84G Ursa CL-Signatures Revocation allows verifiers to generate unique identifiers for holders

Summary The revocation scheme that is part of the Ursa CL-Signatures implementations has a flaw that could impact the privacy guarantees defined by the AnonCreds verifiable credential model. Notably, a malicious verifier may be able to generate a unique identifier for a holder providing a...

CVSS 6.5 · AI score 5.8 · EPSS 0.0018
Exploits: 0 · References: 4

Github Security Blog
added 2024/01/16 9:13 p.m. · 29 views

Ursa CL-Signatures Revocation allows verifiers to generate unique identifiers for holders

Summary The revocation scheme that is part of the Ursa CL-Signatures implementations has a flaw that could impact the privacy guarantees defined by the AnonCreds verifiable credential model. Notably, a malicious verifier may be able to generate a unique identifier for a holder providing a...

CVSS 6.5 · AI score 6.7 · EPSS 0.0018
Exploits: 0 · References: 4 · Affected Software: 2

Positive Technologies
added 2024/01/16 12:0 a.m. · 3 views

PT-2024-19265 · Ursa · Ursa

Name of the Vulnerable Software and Affected Versions: Ursa affected versions not specified Description: The revocation scheme in Ursa's CL-Signatures implementations has a flaw that could impact the privacy guarantees defined by the AnonCreds verifiable credential model. A malicious verifier may...

CVSS 6.5 · AI score 6.2 · EPSS 0.0018
Exploits: 0 · References: 9

Positive Technologies
added 2024/01/16 12:0 a.m. · 3 views

PT-2024-19012 · Ursa · Ursa

Name of the Vulnerable Software and Affected Versions: Ursa affected versions not specified Description: The revocation schema in Ursa's CL-Signatures implementations has a flaw that could impact the privacy guarantees defined by the AnonCreds verifiable credential model. This flaw allows a...

CVSS 8.1 · AI score 7.7 · EPSS 0.0012
Exploits: 0 · References: 7

Hacker One
added 2023/12/29 2:22 a.m. · 63 views

curl: CVE-2024-0853: OCSP verification bypass with TLS session reuse

A vulnerability was identified in cURL version 8.5.0 that allowed revoked certificates to be accepted when reusing a TLS session. The issue was caused by a correction that inadvertently skipped OCSP stapling verification during TLS session reuse. This allowed revoked certificates to be accepted i...

CVSS 5.3 · AI score 4.7 · EPSS 0.00187
Exploits: 1

Snyk
added 2023/12/22 7:51 p.m. · 1 view

Improper Certificate Validation

Overview Affected versions of this package are vulnerable to Improper Certificate Validation due to not checking the Certificate Revocation List (CRL) when insecureMode is set to its default value of false. An attacker with access to the private key of a correctly issued certificate and the ability...

CVSS 7.5 · AI score 6.8 · EPSS 0.00266
Exploits: 0 · References: 2

Cvelist
added 2023/12/22 4:27 p.m. · 11 views

CVE-2023-51662 Snowflake Connector .NET does not properly check the Certificate Revocation List (CRL)

The Snowflake .NET driver provides an interface to the Microsoft .NET open source software framework for developing applications. Snowflake recently received a report about a vulnerability in the Snowflake Connector .NET where the checks against the Certificate Revocation List (CRL) were not...

CVSS 6 · AI score 7.6 · EPSS 0.00266
Exploits: 0 · References: 2

CNNVD
added 2023/12/22 12:0 a.m. · 3 views

snowflake-connector-net Trust Management Issues Vulnerability

Snowflake snowflake-connector-net is a Snowflake connector for .NET. A trust management issue vulnerability exists in snowflake-connector-net versions 2.0.25 through 2.1.4 due to a failure to perform a check against the Certificate Revocation List (CRL)...

CVSS 7.5 · AI score 6.8 · EPSS 0.00266
Exploits: 0 · References: 3

OSV
added 2023/12/01 3:59 p.m. · 3 views

CLSA-2023-1701446356 libksba: Fix of 2 CVEs

CVE-2022-3515: detect a possible overflow directly in the TLV parser - CVE-2022-47629: fix an integer overflow in the CRL signature parser...

CVSS 9.8 · AI score 6.9 · EPSS 0.0146
Exploits: 3 · References: 1

OSV
added 2023/12/01 3:46 p.m. · 3 views

CLSA-2023-1701445586 libksba: Fix of 2 CVEs

CVE-2022-3515: detect a possible overflow directly in the TLV parser - CVE-2022-47629: fix an integer overflow in the CRL signature parser...

CVSS 9.8 · AI score 6.9 · EPSS 0.0146
Exploits: 3 · References: 1

RedHat Linux
added 2023/11/15 5:7 p.m. · 1 view

jetty: OpenId Revoked authentication allows one request

Jetty is a Java based web server and servlet engine. Versions 9.4.21 through 9.4.51, 10.0.15, and 11.0.15 are vulnerable to weak authentication. If a Jetty OpenIdAuthenticator uses the optional nested LoginService, and that LoginService decides to revoke an already authenticated user, then the...

CVSS 4.3 · AI score 7.1 · EPSS 0.00141
Exploits: 1 · References: 4

SUSE CVE
added 2023/10/31 2:26 a.m. · 1 view

SUSE CVE-2021-20179

A flaw was found in pki-core. An attacker who has successfully compromised a key could use this flaw to renew the corresponding certificate over and over again, as long as it is not explicitly revoked. The highest threat from this vulnerability is to data confidentiality and integrity...

CVSS 8.1 · AI score 6.3 · EPSS 0.00291
Exploits: 0 · References: 2