EUVD-2021-1273

Malware in sbrugna...

CVE-2021-32685

tEnvoy contains the PGP, NaCl, and PBKDF2 in node.js and the browser hashing, random, encryption, decryption, signatures, conversions, used by TogaTech.org. In versions prior to 7.0.3, the verifyWithMessage method of tEnvoyNaClSigningKey always returns true for any signature that has a SHA-512 ha...

tenvoy (>=6.0.4 <=6.0.5) potentially affected by CVE-2021-32685 via tenvoy (=6.0.6)

tenvoy NPM version =6.0.6 is affected by a known vulnerability. The following packages have a transitive dependency on tenvoy and may be impacted: - tenvoy =6.0.4, =6.0.5 Source cves: CVE-2021-32685 Source advisory: OSV:GHSA-7R96-8G3X-G36M...

GHSA-5W25-HXP5-H8C9 Duplicate Advisory: Improper Verification of Cryptographic Signature

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-7r96-8g3x-g36m. This link is maintained to preserve external references. Original Description tEnvoy contains the PGP, NaCl, and PBKDF2 in node.js and the browser hashing, random, encryption, decryption,...

CVE-2021-32685

tEnvoy contains the PGP, NaCl, and PBKDF2 in node.js and the browser hashing, random, encryption, decryption, signatures, conversions, used by TogaTech.org. In versions prior to 7.0.3, the verifyWithMessage method of tEnvoyNaClSigningKey always returns true for any signature that has a SHA-512 ha...

CVE-2021-32685

tEnvoy contains the PGP, NaCl, and PBKDF2 in node.js and the browser hashing, random, encryption, decryption, signatures, conversions, used by TogaTech.org. In versions prior to 7.0.3, the verifyWithMessage method of tEnvoyNaClSigningKey always returns true for any signature that has a SHA-512 ha...

Design/Logic Flaw

tEnvoy contains the PGP, NaCl, and PBKDF2 in node.js and the browser hashing, random, encryption, decryption, signatures, conversions, used by TogaTech.org. In versions prior to 7.0.3, the verifyWithMessage method of tEnvoyNaClSigningKey always returns true for any signature that has a SHA-512 ha...

CVE-2021-32685

CVE-2021-32685 affects tEnvoy (used by TogaTech.org) where the verifyWithMessage function in tEnvoyNaClSigningKey incorrectly returns true for SHA-512 hashes that match the message hash, even if the signature is invalid. This flaw is present in versions prior to 7.0.3. The issue is patched in v7....

CVE-2021-32685 Improper Verification of Cryptographic Signature in tenvoy

tEnvoy contains the PGP, NaCl, and PBKDF2 in node.js and the browser hashing, random, encryption, decryption, signatures, conversions, used by TogaTech.org. In versions prior to 7.0.3, the verifyWithMessage method of tEnvoyNaClSigningKey always returns true for any signature that has a SHA-512 ha...

tEnvoy Data Forgery Issue Vulnerability

tEnvoy is an open source package. Used in node.js and the browser PGP, NaCl and PBKDF2 hash , random , encryption, decryption, signatures, conversion. A vulnerability exists in tEnvoy versions prior to 7.0.3 for data forgery issues. No detailed vulnerability details are provided at this time...

tEnvoy 数据伪造问题漏洞

tEnvoy is an open source package. Used in node.js and the browser PGP, NaCl and PBKDF2 hash , random , encryption, decryption, signatures, conversion. A vulnerability exists in tEnvoy versions prior to 7.0.3 for data forgery issues. No detailed vulnerability details are provided at this time...