11 matches found
EUVD-2021-1579
Malware in sbrugna...
Improper verification of signature threshold in tough
Impact The tough library, prior to 0.7.1, does not properly verify the uniqueness of keys in the signatures provided to meet the threshold of cryptographic signatures. It allows someone with access to a valid signing key to create multiple valid signatures in order to circumvent TUF requiring a...
GHSA-5Q2R-92F9-4M49 Improper verification of signature threshold in tough
Impact The tough library, prior to 0.7.1, does not properly verify the uniqueness of keys in the signatures provided to meet the threshold of cryptographic signatures. It allows someone with access to a valid signing key to create multiple valid signatures in order to circumvent TUF requiring a...
GHSA-PWQF-9H7J-7MV8 Incorrect threshold signature computation in TUF
Impact Metadadata signature verification, as used in tuf.client.updater, counted each of multiple signatures with identical authorized keyids separately towards the threshold. Therefore, an attacker with access to a valid signing key could create multiple valid signatures in order to meet the...
CVE-2020-15093
The tough library Rust/crates.io prior to version 0.7.1 does not properly verify the threshold of cryptographic signatures. It allows an attacker to duplicate a valid signature in order to circumvent TUF requiring a minimum threshold of unique signatures before the metadata is considered valid. A...
Information disclosure
The tough library Rust/crates.io prior to version 0.7.1 does not properly verify the threshold of cryptographic signatures. It allows an attacker to duplicate a valid signature in order to circumvent TUF requiring a minimum threshold of unique signatures before the metadata is considered valid. A...
CVE-2020-15093
The CVE-2020-15093 entry concerns the tough library (Rust/crates.io) prior to version 0.7.1, where the threshold of cryptographic signatures is not properly verified. This allows an attacker to duplicate a valid signature to bypass TUF’s minimum threshold of unique signatures before metadata is c...
Improper uniqueness verification of signature threshold
The tough library, prior to 0.7.1, does not properly verify the uniqueness of keys in the signatures provided to meet the threshold of cryptographic signatures. It allows someone with access to a valid signing key to create multiple valid signatures in order to circumvent TUF requiring a minimum...
RUSTSEC-2020-0024 Improper uniqueness verification of signature threshold
The tough library, prior to 0.7.1, does not properly verify the uniqueness of keys in the signatures provided to meet the threshold of cryptographic signatures. It allows someone with access to a valid signing key to create multiple valid signatures in order to circumvent TUF requiring a minimum...
CVE-2020-6174
The CVE-2020-6174 issue affects the tough library (Rust/crates.io) prior to version 0.7.1, where signatures’ threshold verification is broken. Specifically, the vulnerability allows an attacker to duplicate a valid signature and circumvent the minimum threshold required for metadata validity. A f...
CVE-2020-6174
TUF aka The Update Framework through 0.12.1 has Improper Verification of a Cryptographic Signature...