3 matches found
CVE-2024-1631
Impact: The library offers a function to generate an ed25519 key pair via Ed25519KeyIdentity.generate with an optional param to provide a 32 byte seed value, which will then be used as the secret key. When no seed value is provided, it is expected that the library generates the secret key using...
@bundly/ic-core-js (>=0.1.0 <=0.4.2-rc.4), @bundly/ic-react (>=0.1.0 <=0.4.2-rc.4) +10 more potentially affected by CVE-2024-1631 via @dfinity/auth-client (>=0.20.2 <=0.9.3)
@dfinity/auth-client NPM version =0.20.2, =0.1.0, =0.1.0, =0.1.1, =0.0.2, =0.0.1, =0.0.1, =0.0.3, =0.0.2, =0.0.38-next-2023-12-19, =0.0.1, =0.0.7 Source cves: CVE-2024-1631 Source advisory: OSV:GHSA-C9VV-FHGV-CJC3...
CVE-2024-1631
CVE-2024-1631 describes a vulnerability in the editor-js/agent-js identity library where Ed25519KeyIdentity.generate may use an insecure seed instead of secure randomness when no seed is provided. The private key for identity 535yc-uxytb-gfk7h-tny7p-vjkoe-i4krp-3qmcl-uqfgr-cpgej-yqtjq-rqe can be ...