OpenBao LDAP MFA Enforcement Bypass When Using Username As Alias

Impact OpenBao allows assignment of policies and MFA attribution based upon entity aliases, chosen by the underlying auth method. When using the usernameasalias=true parameter in the LDAP auth method, the caller-supplied username is used verbatim without normalization, allowing an attacker to...

PYSEC-2020-48

Hyperledger Indy Node is the server portion of a distributed ledger purpose-built for decentralized identity. In Hyperledger Indy before version 1.12.4, there is lack of signature verification on a specific transaction which enables an attacker to make certain unauthorized alterations to the...