Lucene search
K

14 matches found

Packet Storm News
Packet Storm News
added 2025/12/25 12:0 a.m.5 views

Verifiable Passkey: The Decentralized Authentication Standard

Passwordless authentication has revolutionized the way we authenticate across various websites and services. FIDO2 Passkeys, is one of the most-widely adopted standards of passwordless authentication that promises phishing-resistance. However, like any other authentication system, passkeys requir...

6.7AI score
Exploits0
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2024-0268

Malicious code in bioql PyPI...

6.5CVSS6.5AI score0.00317EPSS
Exploits0References4
NVD
NVD
added 2024/01/16 10:15 p.m.44 views

CVE-2024-21670

Ursa is a cryptographic library for use with blockchains. The revocation schema that is part of the Ursa CL-Signatures implementations has a flaw that could impact the privacy guarantees defined by the AnonCreds verifiable credential model, allowing a malicious holder of a revoked credential to...

8.1CVSS6.9AI score0.00276EPSS
Exploits0References1
Prion
Prion
added 2024/01/16 10:15 p.m.18 views

Design/Logic Flaw

Ursa is a cryptographic library for use with blockchains. The revocation scheme that is part of the Ursa CL-Signatures implementations has a flaw that could impact the privacy guarantees defined by the AnonCreds verifiable credential model. Notably, a malicious verifier may be able to generate a...

4.3CVSS7AI score0.00317EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2024/01/16 9:44 p.m.5 views

CVE-2024-22192 Ursa CL-Signatures Revocation allows verifiers to generate unique identifiers for holders

Ursa is a cryptographic library for use with blockchains. The revocation scheme that is part of the Ursa CL-Signatures implementations has a flaw that could impact the privacy guarantees defined by the AnonCreds verifiable credential model. Notably, a malicious verifier may be able to generate a...

6.5CVSS7AI score0.00317EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/01/16 9:44 p.m.33 views

CVE-2024-22192 Ursa CL-Signatures Revocation allows verifiers to generate unique identifiers for holders

Ursa is a cryptographic library for use with blockchains. The revocation scheme that is part of the Ursa CL-Signatures implementations has a flaw that could impact the privacy guarantees defined by the AnonCreds verifiable credential model. Notably, a malicious verifier may be able to generate a...

6.5CVSS6.6AI score0.00317EPSS
Exploits0References1
CVE
CVE
added 2024/01/16 9:44 p.m.45 views

CVE-2024-22192

CVE-2024-22192 concerns Hyperledger Ursa CL-Signatures revocation: the revocation scheme may allow a malicious verifier to derive a unique identifier for a holder when a Non-Revocation proof is presented. The flaw affects Ursa CL-Signatures implementations across the chain, with Ursa reported to ...

6.5CVSS6.4AI score0.00317EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2024/01/16 9:44 p.m.18 views

CVE-2024-22192 Ursa CL-Signatures Revocation allows verifiers to generate unique identifiers for holders

Ursa is a cryptographic library for use with blockchains. The revocation scheme that is part of the Ursa CL-Signatures implementations has a flaw that could impact the privacy guarantees defined by the AnonCreds verifiable credential model. Notably, a malicious verifier may be able to generate a...

6.5CVSS6.5AI score0.00317EPSS
Exploits0References3
CVE
CVE
added 2024/01/16 9:44 p.m.72 views

CVE-2024-21670

The CVE-2024-21670 issue affects the Ursa CL-Signatures revocation scheme used in Hyperledger Ursa. The revocation schema contains a flaw that can let a malicious holder of a revoked credential generate a valid Non-Revocation Proof, causing a verifier to accept a credential as not revoked when it...

8.1CVSS7.9AI score0.00276EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2024/01/16 9:44 p.m.29 views

CVE-2024-21670 CL-Signatures Revocation Scheme in Ursa has flaws that allow a holder to demonstrate non-revocation of a revoked credential

Ursa is a cryptographic library for use with blockchains. The revocation schema that is part of the Ursa CL-Signatures implementations has a flaw that could impact the privacy guarantees defined by the AnonCreds verifiable credential model, allowing a malicious holder of a revoked credential to...

6.5CVSS7.8AI score0.00276EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2024/01/16 9:44 p.m.19 views

CVE-2024-21670 CL-Signatures Revocation Scheme in Ursa has flaws that allow a holder to demonstrate non-revocation of a revoked credential

Ursa is a cryptographic library for use with blockchains. The revocation schema that is part of the Ursa CL-Signatures implementations has a flaw that could impact the privacy guarantees defined by the AnonCreds verifiable credential model, allowing a malicious holder of a revoked credential to...

6.5CVSS6.7AI score0.00276EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/01/11 12:0 a.m.6 views

Hyperledger Aries Cloud Agent Python Data Forgery Issue Vulnerability

Hyperledger Aries Cloud Agent Python is a tool for building the foundation of decentralized identity applications and services that run in non-mobile environments. A data forgery issue vulnerability exists in Hyperledger Aries Cloud Agent Python versions prior to 0.7.0, which stems from a data...

9.9CVSS6.8AI score0.00627EPSS
Exploits1References6
OSV
OSV
added 2020/03/06 1:16 a.m.8 views

GHSA-P94W-42G3-F7H4 Holder can (re)create authentic credentials after receiving a credential in vp-toolkit

Impact The verifyVerifiableCredential method check the cryptographic integrity of the Verifiable Credential, but it does not check if the credential.issuer DID matches the signer of the credential. The verifier is impacted by this vulnerability. Patches Patch will be available in version 0.2.2...

7AI score
Exploits0References3
Github Security Blog
Github Security Blog
added 2020/03/06 1:16 a.m.74 views

Holder can (re)create authentic credentials after receiving a credential in vp-toolkit

Impact The verifyVerifiableCredential method check the cryptographic integrity of the Verifiable Credential, but it does not check if the credential.issuer DID matches the signer of the credential. The verifier is impacted by this vulnerability. Patches Patch will be available in version 0.2.2...

2.3AI score
Exploits0References4Affected Software1
Rows per page
Query Builder