3 matches found
CVE-2022-31053
Biscuit is an authentication and authorization token for microservices architectures. The Biscuit specification version 1 contains a vulnerable algorithm that allows malicious actors to forge valid Γ-signatures. Such an attack would allow an attacker to create a token with any access level. The...
CVE-2022-31053
CVE-2022-31053 involves Biscuit tokens where the v1 specification contains a vulnerable algorithm that allows forging valid Γ-signatures, enabling a token with any access level. The vulnerability does not affect Biscuit v2, which uses a different algorithm. Red Hat and OSV entries corroborate the...
PT-2022-20491
Name of the Vulnerable Software and Affected Versions Biscuit versions 1 Description The Biscuit specification version 1 contains a vulnerable algorithm that allows malicious actors to forge valid Γ-signatures. This would allow an attacker to create a token with any access level. The version 2 of...