7 matches found
EUVD-2009-4370
Malware in sbrugna...
EUVD-2006-4785
Malware in sbrugna...
EUVD-2009-3565
Malware in sbrugna...
@nfid/embed has compromised private key due to @dfinity/auth-client producing insecure session keys
Problem User sessions in the @nfid/embed SDK with Ed25519 keys are vulnerable due to a compromised private key 535yc-uxytb-gfk7h-tny7p-vjkoe-i4krp-3qmcl-uqfgr-cpgej-yqtjq-rqe. This exposes users to potential loss of funds on ledgers and unauthorized access to canisters they control. Solution Usin...
CVE-2022-31020
Indy Node is the server portion of a distributed ledger purpose-built for decentralized identity. In versions 1.12.4 and prior, the pool-upgrade request handler in Indy-Node allows an improperly authenticated attacker to remotely execute code on nodes within the network. The pool-upgrade request...
CVE-2020-11093
Hyperledger Indy Node (server for decentralized identity) prior to version 1.12.4 suffers from lack of signature verification on a specific transaction (nym update). The flaw allows any DID to request a nym update for another DID without changing its own ROLE or VERKEY, regardless of sender. Cons...
CVE-2009-3583
Directory traversal vulnerability in the Preferences menu item in SQL-Ledger 2.8.24 allows remote attackers to include and execute arbitrary local files via a .. dot dot in the countrycode field...