CVE-2020-11093

Hyperledger Indy Node (server for decentralized identity) prior to version 1.12.4 suffers from lack of signature verification on a specific transaction (nym update). The flaw allows any DID to request a nym update for another DID without changing its own ROLE or VERKEY, regardless of sender. Cons...