15 matches found
CVE-2022-31021
Ursa is a cryptographic library for use with blockchains. A weakness in the Hyperledger AnonCreds specification that is not mitigated in the Ursa and AnonCreds implementations is that the Issuer does not publish a key correctness proof demonstrating that a generated private key is sufficient to...
CVE-2024-22192
Ursa is a cryptographic library for use with blockchains. The revocation scheme that is part of the Ursa CL-Signatures implementations has a flaw that could impact the privacy guarantees defined by the AnonCreds verifiable credential model. Notably, a malicious verifier may be able to generate a...
Hyperledger Ursa Information Disclosure Vulnerability
Hyperledger Ursa is a cryptographic library open-sourced by Hyperledger for use with the blockchain. Hyperledger Ursa suffers from an information disclosure vulnerability that is caused by a flaw in the dangling scheme in the CL Signatures implementation. An attacker could exploit the vulnerabili...
CVE-2022-31021
Ursa is a cryptographic library for use with blockchains. A weakness in the Hyperledger AnonCreds specification that is not mitigated in the Ursa and AnonCreds implementations is that the Issuer does not publish a key correctness proof demonstrating that a generated private key is sufficient to...
Design/Logic Flaw
Ursa is a cryptographic library for use with blockchains. A weakness in the Hyperledger AnonCreds specification that is not mitigated in the Ursa and AnonCreds implementations is that the Issuer does not publish a key correctness proof demonstrating that a generated private key is sufficient to...
CVE-2024-22192 Ursa CL-Signatures Revocation allows verifiers to generate unique identifiers for holders
Ursa is a cryptographic library for use with blockchains. The revocation scheme that is part of the Ursa CL-Signatures implementations has a flaw that could impact the privacy guarantees defined by the AnonCreds verifiable credential model. Notably, a malicious verifier may be able to generate a...
CVE-2024-21670 CL-Signatures Revocation Scheme in Ursa has flaws that allow a holder to demonstrate non-revocation of a revoked credential
Ursa is a cryptographic library for use with blockchains. The revocation schema that is part of the Ursa CL-Signatures implementations has a flaw that could impact the privacy guarantees defined by the AnonCreds verifiable credential model, allowing a malicious holder of a revoked credential to...
CVE-2024-21670 CL-Signatures Revocation Scheme in Ursa has flaws that allow a holder to demonstrate non-revocation of a revoked credential
Ursa is a cryptographic library for use with blockchains. The revocation schema that is part of the Ursa CL-Signatures implementations has a flaw that could impact the privacy guarantees defined by the AnonCreds verifiable credential model, allowing a malicious holder of a revoked credential to...
CVE-2024-21670 CL-Signatures Revocation Scheme in Ursa has flaws that allow a holder to demonstrate non-revocation of a revoked credential
Ursa is a cryptographic library for use with blockchains. The revocation schema that is part of the Ursa CL-Signatures implementations has a flaw that could impact the privacy guarantees defined by the AnonCreds verifiable credential model, allowing a malicious holder of a revoked credential to...
CVE-2022-31021 Unlinkability broken in ursa when verifiers use malicious keys
Ursa is a cryptographic library for use with blockchains. A weakness in the Hyperledger AnonCreds specification that is not mitigated in the Ursa and AnonCreds implementations is that the Issuer does not publish a key correctness proof demonstrating that a generated private key is sufficient to...
CVE-2022-31021 Unlinkability broken in ursa when verifiers use malicious keys
Ursa is a cryptographic library for use with blockchains. A weakness in the Hyperledger AnonCreds specification that is not mitigated in the Ursa and AnonCreds implementations is that the Issuer does not publish a key correctness proof demonstrating that a generated private key is sufficient to...
CVE-2022-31021
CVE-2022-31021 concerns Ursa/AnonCreds CL-Signatures: a weakness where the issuer’s key correctness proof is not published, potentially enabling weakened private keys that could allow verifiers to link presentations to the issuer. The issue applies to the CL-Signatures implementations used in Urs...
GHSA-6698-MHXX-R84G Ursa CL-Signatures Revocation allows verifiers to generate unique identifiers for holders
Summary The revocation scheme that is part of the Ursa CL-Signatures implementations has a flaw that could impact the privacy guarantees defined by the AnonCreds verifiable credential model. Notably, a malicious verifier may be able to generate a unique identifier for a holder providing a...
Ursa CL-Signatures Revocation allows verifiers to generate unique identifiers for holders
Summary The revocation scheme that is part of the Ursa CL-Signatures implementations has a flaw that could impact the privacy guarantees defined by the AnonCreds verifiable credential model. Notably, a malicious verifier may be able to generate a unique identifier for a holder providing a...
PT-2024-19265 · Ursa · Ursa
Name of the Vulnerable Software and Affected Versions: Ursa affected versions not specified Description: The revocation scheme in Ursa's CL-Signatures implementations has a flaw that could impact the privacy guarantees defined by the AnonCreds verifiable credential model. A malicious verifier may...