stellar-sdk uses insecure signature verification. The function Utils.readChallengeTx
fails to verify that the transactions are signed by serverAccountID, allowing invalid challenge transactions to be accepted as valid ones.
CPE | Name | Operator | Version |
---|---|---|---|
 | stellar-sdk | le | 8.2.2 |
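
A simplified model of the missing check described above, added here as an example and not taken from stellar-sdk: a challenge reader that only inspects the source field, beside one that also requires a signature verifying under the server's key. It uses Node's built-in Ed25519 support; the challenge layout, the account ID encoding and every function name are assumptions made for illustration.

```javascript
// Simplified model of a signed challenge; not stellar-sdk code.
// Every function and variable name below is hypothetical.
const nodeCrypto = require('node:crypto');

// Constructed sample keys: the server and an unrelated signer.
const server = nodeCrypto.generateKeyPairSync('ed25519');
const other = nodeCrypto.generateKeyPairSync('ed25519');

// In this model an account ID is the base64 SPKI encoding of the public key.
function accountId(publicKey) {
  return publicKey.export({ type: 'spki', format: 'der' }).toString('base64');
}

function keyFromAccountId(id) {
  return nodeCrypto.createPublicKey({ key: Buffer.from(id, 'base64'), format: 'der', type: 'spki' });
}

// Build a challenge that names sourceId as its source and is signed by signerKey.
function makeChallenge(sourceId, signerKey) {
  const nonce = nodeCrypto.randomBytes(16).toString('hex');
  const body = Buffer.from(JSON.stringify({ source: sourceId, nonce }));
  return { body, signatures: [nodeCrypto.sign(null, body, signerKey)] };
}

// Weak check: trusts the source field and the mere presence of a signature.
function readChallengeLax(challenge, serverAccountId) {
  const tx = JSON.parse(challenge.body.toString('utf8'));
  return tx.source === serverAccountId && challenge.signatures.length > 0;
}

// Hardened check: at least one signature must verify under the server's key.
function readChallengeStrict(challenge, serverAccountId) {
  if (!readChallengeLax(challenge, serverAccountId)) return false;
  const serverKey = keyFromAccountId(serverAccountId);
  return challenge.signatures.some((sig) =>
    nodeCrypto.verify(null, challenge.body, serverKey, sig));
}

const serverId = accountId(server.publicKey);
const genuine = makeChallenge(serverId, server.privateKey);
// Names the server as source but carries only another key's signature.
const notServerSigned = makeChallenge(serverId, other.privateKey);

console.log(readChallengeLax(notServerSigned, serverId));    // true
console.log(readChallengeStrict(notServerSigned, serverId)); // false
```

A regression test for a fixed verifier should include a case like `notServerSigned`, where every field matches the server but no signature verifies under the server's key.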