GO-2022-0564 Signature forgery in github.com/biscuit-auth/biscuit-go

An attacker can forge Biscuit v1 tokens with any access level. There is no known workaround for Biscuit v1. The Biscuit v2 specification avoids this vulnerability...

Signature forgery in Biscuit

Impact The paper Cryptanalysis of Aggregate Γ-Signature and Practical Countermeasures in Application to Bitcoin defines a way to forge valid Γ-signatures, an algorithm that is used in the Biscuit specification version 1. It would allow an attacker to create a token with any access level. As Biscu...