tuf improperly verifies cryptographic signatures. An attacker could use a duplicated valid signature to subvert the signature threshold check, or use one set of signatures with multiple keyids, so that verification succeeds without the intended signature threshold actually being met.
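The difference between counting signature entries and counting distinct keys, as an added example that is not tuf's own code. HMAC secrets stand in for public-key verification, and all key names, keyids and the payload are constructed; the example assumes the same key material can be trusted under two keyids.

```python
import hashlib
import hmac

# Constructed keys. HMAC secrets stand in for public-key signature checks.
KEY_A, KEY_B = b"constructed-key-a", b"constructed-key-b"
# Assumption: the same key material is trusted under two keyids.
TRUSTED = {"keyid-a": KEY_A, "keyid-a-alt": KEY_A, "keyid-b": KEY_B}
PAYLOAD = b'{"_type": "targets", "version": 1}'  # constructed metadata


def sign(key, payload):
    return hmac.new(key, payload, hashlib.sha256).hexdigest()


def valid_entries(payload, signatures, trusted):
    """Yield the key behind each signature entry that verifies."""
    for entry in signatures:
        key = trusted.get(entry.get("keyid"))
        if key is not None and hmac.compare_digest(sign(key, payload), entry.get("sig", "")):
            yield key


def count_per_entry(payload, signatures, trusted=TRUSTED):
    """Flawed count: every verifying entry adds one, repeats included."""
    return sum(1 for _ in valid_entries(payload, signatures, trusted))


def count_per_key(payload, signatures, trusted=TRUSTED):
    """Hardened count: each distinct key contributes at most once."""
    return len({hashlib.sha256(k).hexdigest() for k in valid_entries(payload, signatures, trusted)})


def meets_threshold(payload, signatures, threshold, trusted=TRUSTED):
    return count_per_key(payload, signatures, trusted) >= threshold


SIG_A = sign(KEY_A, PAYLOAD)
DUPLICATED = [{"keyid": "keyid-a", "sig": SIG_A}] * 2
MULTI_KEYID = [{"keyid": "keyid-a", "sig": SIG_A}, {"keyid": "keyid-a-alt", "sig": SIG_A}]
TWO_SIGNERS = [{"keyid": "keyid-a", "sig": SIG_A}, {"keyid": "keyid-b", "sig": sign(KEY_B, PAYLOAD)}]

if __name__ == "__main__":
    for name, sigs in [("duplicated", DUPLICATED), ("multi-keyid", MULTI_KEYID), ("two signers", TWO_SIGNERS)]:
        print(name, count_per_entry(PAYLOAD, sigs), count_per_key(PAYLOAD, sigs), meets_threshold(PAYLOAD, sigs, 2))
```

A regression test for this class of bug should assert that both the duplicated and the multi-keyid inputs fail a threshold of 2 while two independent signers pass.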