4 matches found
GHSA-7R96-8G3X-G36M Improper Verification of Cryptographic Signature
Impact The verifyWithMessage method of tEnvoyNaClSigningKey always returns true for any signature of a SHA-512 hash matching the SHA-512 hash of the message even if the signature is invalid. Patches Upgrade to v7.0.3 immediately to resolve this issue. Since the vulnerability lies within the...
Improper Verification of Cryptographic Signature
Impact The verifyWithMessage method of tEnvoyNaClSigningKey always returns true for any signature of a SHA-512 hash matching the SHA-512 hash of the message even if the signature is invalid. Patches Upgrade to v7.0.3 immediately to resolve this issue. Since the vulnerability lies within the...
CVE-2021-32685
tEnvoy contains the PGP, NaCl, and PBKDF2 in node.js and the browser hashing, random, encryption, decryption, signatures, conversions, used by TogaTech.org. In versions prior to 7.0.3, the verifyWithMessage method of tEnvoyNaClSigningKey always returns true for any signature that has a SHA-512 ha...
Design/Logic Flaw
tEnvoy contains the PGP, NaCl, and PBKDF2 in node.js and the browser hashing, random, encryption, decryption, signatures, conversions, used by TogaTech.org. In versions prior to 7.0.3, the verifyWithMessage method of tEnvoyNaClSigningKey always returns true for any signature that has a SHA-512 ha...