2 matches found
GHSA-R7VQ-6425-J94W Python-TUF vulnerable to incorrect threshold signature computation for new root metadata
Impact The function verifyrootselfsigned, introduced in v0.14.0, and which verifies self-signatures in a new root metadata file, counted multiple signatures by any new root key towards the new threshold. That is, any single new root key could theoretically provide enough signatures to meet the...
GHSA-GP6J-VX54-5PMF Incorrect validation of parties IDs leaks secret keys in Secret-sharing scheme
Summary In the threshold signature scheme, participants start by dividing secrets into shares using a secret sharing scheme. The Verifiable Secret Sharing scheme generates shares from the user’s IDs but does not properly validate them. Using a malicious ID will make other users reveal their secre...