4 matches found
CVE-2020-15093
The tough library Rust/crates.io prior to version 0.7.1 does not properly verify the threshold of cryptographic signatures. It allows an attacker to duplicate a valid signature in order to circumvent TUF requiring a minimum threshold of unique signatures before the metadata is considered valid. A...
CVE-2020-15093
The tough library Rust/crates.io prior to version 0.7.1 does not properly verify the threshold of cryptographic signatures. It allows an attacker to duplicate a valid signature in order to circumvent TUF requiring a minimum threshold of unique signatures before the metadata is considered valid. A...
CVE-2020-15093 Improper verification of signature threshold in tough
The tough library Rust/crates.io prior to version 0.7.1 does not properly verify the threshold of cryptographic signatures. It allows an attacker to duplicate a valid signature in order to circumvent TUF requiring a minimum threshold of unique signatures before the metadata is considered valid. A...
CVE-2020-15093
The CVE-2020-15093 entry concerns the tough library (Rust/crates.io) prior to version 0.7.1, where the threshold of cryptographic signatures is not properly verified. This allows an attacker to duplicate a valid signature to bypass TUF’s minimum threshold of unique signatures before metadata is c...