Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

3 matches found

Veracode
Veracodeadded 2024/02/21 7:1 a.m.14 views

Insufficiently Random Values

dfinity/auth-client and dfinity/identity are vulnerable to insecure key generation. The vulnerability is due to the Ed25519KeyIdentity.generate function as it uses an insecure seed for key pair generation when no seed value is provided. This flaw breaks the guarantee of secure randomness and can...

9.1CVSS6.8AI score0.01735EPSS
Exploits1References6Affected Software2
OSV
OSVadded 2024/02/21 2:54 a.m.24 views

GHSA-C9VV-FHGV-CJC3 agent-js: Insecure Key Generation in `Ed25519KeyIdentity.generate`

Impact The library offers a function to generate an ed25519 key pair via Ed25519KeyIdentity.generate with an optional param to provide a 32 byte seed value, which will then be used as the secret key. When no seed value is provided, it is expected that the library generates the secret key using...

9.1CVSS9.2AI score0.01735EPSS
Exploits1References6
Github Security Blog
Github Security Blogadded 2024/02/21 2:54 a.m.28 views

agent-js: Insecure Key Generation in `Ed25519KeyIdentity.generate`

Impact The library offers a function to generate an ed25519 key pair via Ed25519KeyIdentity.generate with an optional param to provide a 32 byte seed value, which will then be used as the secret key. When no seed value is provided, it is expected that the library generates the secret key using...

9.1CVSS6.7AI score0.01735EPSS
Exploits1References7Affected Software2
Rows per page
Query Builder