5 matches found
CVE-2020-11093
Hyperledger Indy Node is the server portion of a distributed ledger purpose-built for decentralized identity. In Hyperledger Indy before version 1.12.4, there is lack of signature verification on a specific transaction which enables an attacker to make certain unauthorized alterations to the...
Unauthorized Ledger Alterations
indynode is vulnerable to Unauthorized Ledger Alterations. The vulnerability is due to lack of signature verification and the ability to update a DID with a nym transaction without checking changes to ROLE or VERKEY, allows unauthorized alterations to the ledger, such as spamming it with...
GHSA-WH2W-39F4-RPV2 Hyperledger Indy's update process of a DID does not check who signs the request
Name Updating a DID with a nym transaction will be written to the ledger if neither ROLE or VERKEY are being changed, regardless of sender. Description A malicious DID with no particular role can ask an update for another DID but cannot modify its verkey or role. This is bad because: 1. Any DID c...
PYSEC-2020-48
Hyperledger Indy Node is the server portion of a distributed ledger purpose-built for decentralized identity. In Hyperledger Indy before version 1.12.4, there is lack of signature verification on a specific transaction which enables an attacker to make certain unauthorized alterations to the...
PT-2020-12548 · Hyperledger · Hyperledger Indy Node
Name of the Vulnerable Software and Affected Versions: Hyperledger Indy Node versions prior to 1.12.4 Description: The issue is related to a lack of signature verification on a specific transaction, allowing an attacker to make unauthorized alterations to the ledger. A malicious DID with no...