5 matches found
GO-2025-4112 Evervault Go SDK: Incomplete PCR Validation in Enclave Attestation for non-Evervault hosted Enclaves in github.com/evervault/evervault-go
Evervault Go SDK: Incomplete PCR Validation in Enclave Attestation for non-Evervault hosted Enclaves in github.com/evervault/evervault-go...
GHSA-88H9-77C7-P6W4 Evervault Go SDK: Incomplete PCR Validation in Enclave Attestation for non-Evervault hosted Enclaves
Summary A vulnerability was identified in the evervault-go SDK’s attestation verification logic that may allow incomplete documents to pass validation. This may cause the client to trust an enclave operator that does not meet expected integrity guarantees. The exploitability of this issue is...
CVE-2025-64186 Evervault Go SDK: Incomplete PCR Validation in Enclave Attestation for non-Evervault hosted Enclaves
Evervault is a payment security solution. A vulnerability was identified in the evervault-go SDK’s attestation verification logic in versions of evervault-go prior to 1.3.2 that may allow incomplete documents to pass validation. This may cause the client to trust an enclave operator that does not...
EUVD-2025-131929
Evervault is a payment security solution. A vulnerability was identified in the evervault-go SDK’s attestation verification logic in versions of evervault-go prior to 1.3.2 that may allow incomplete documents to pass validation. This may cause the client to trust an enclave operator that does not...
WireTap: Breaking Server SGX via DRAM Bus Interposition
Whitepaper that delves into Intel’s Software Guard eXtension SGX. A common misconception is that physical attacks on SGX require expensive laboratory equipment, thus putting them out of reach of hobbyist-level attackers. In this work, the authors challenge this belief, showing how simple memory b...