2 matches found
CVE-2021-32685
tEnvoy contains the PGP, NaCl, and PBKDF2 in node.js and the browser hashing, random, encryption, decryption, signatures, conversions, used by TogaTech.org. In versions prior to 7.0.3, the verifyWithMessage method of tEnvoyNaClSigningKey always returns true for any signature that has a SHA-512 ha...
CVE-2021-32685
CVE-2021-32685 affects tEnvoy (used by TogaTech.org) where the verifyWithMessage function in tEnvoyNaClSigningKey incorrectly returns true for SHA-512 hashes that match the message hash, even if the signature is invalid. This flaw is present in versions prior to 7.0.3. The issue is patched in v7....