Lucene search
K

5 matches found

RedhatCVE
RedhatCVE
added 2025/02/05 2:11 p.m.12 views

CVE-2020-11093

Hyperledger Indy Node is the server portion of a distributed ledger purpose-built for decentralized identity. In Hyperledger Indy before version 1.12.4, there is lack of signature verification on a specific transaction which enables an attacker to make certain unauthorized alterations to the...

7.5CVSS6.7AI score0.00933EPSS
Exploits1References1
Veracode
Veracode
added 2024/09/02 4:46 a.m.6 views

Unauthorized Ledger Alterations

indynode is vulnerable to Unauthorized Ledger Alterations. The vulnerability is due to lack of signature verification and the ability to update a DID with a nym transaction without checking changes to ROLE or VERKEY, allows unauthorized alterations to the ledger, such as spamming it with...

7.5CVSS6.6AI score0.00933EPSS
Exploits1References8Affected Software1
OSV
OSV
added 2024/08/30 6:41 p.m.12 views

GHSA-WH2W-39F4-RPV2 Hyperledger Indy's update process of a DID does not check who signs the request

Name Updating a DID with a nym transaction will be written to the ledger if neither ROLE or VERKEY are being changed, regardless of sender. Description A malicious DID with no particular role can ask an update for another DID but cannot modify its verkey or role. This is bad because: 1. Any DID c...

8.7CVSS7.7AI score0.00933EPSS
Exploits1References7
PyPA
PyPA
added 2020/12/24 8:15 p.m.6 views

PYSEC-2020-48

Hyperledger Indy Node is the server portion of a distributed ledger purpose-built for decentralized identity. In Hyperledger Indy before version 1.12.4, there is lack of signature verification on a specific transaction which enables an attacker to make certain unauthorized alterations to the...

7.5CVSS6.9AI score0.00933EPSS
Exploits1References4Affected Software1
Positive Technologies
Positive Technologies
added 2020/12/24 12:0 a.m.5 views

PT-2020-12548 · Hyperledger · Hyperledger Indy Node

Name of the Vulnerable Software and Affected Versions: Hyperledger Indy Node versions prior to 1.12.4 Description: The issue is related to a lack of signature verification on a specific transaction, allowing an attacker to make unauthorized alterations to the ledger. A malicious DID with no...

8.7CVSS7.1AI score0.00933EPSS
Exploits1References13
Rows per page
Query Builder