3 matches found
CVE-2024-21670
The CVE-2024-21670 issue affects the Ursa CL-Signatures revocation scheme used in Hyperledger Ursa. The revocation schema contains a flaw that can let a malicious holder of a revoked credential generate a valid Non-Revocation Proof, causing a verifier to accept a credential as not revoked when it...
CVE-2022-31021
CVE-2022-31021 concerns Ursa/AnonCreds CL-Signatures: a weakness where the issuer’s key correctness proof is not published, potentially enabling weakened private keys that could allow verifiers to link presentations to the issuer. The issue applies to the CL-Signatures implementations used in Urs...
CVE-2024-22192
CVE-2024-22192 concerns Hyperledger Ursa CL-Signatures revocation: the revocation scheme may allow a malicious verifier to derive a unique identifier for a holder when a Non-Revocation proof is presented. The flaw affects Ursa CL-Signatures implementations across the chain, with Ursa reported to ...