Veracode Vulnerability DatabaseVERACODE:32889Signature Verification Bypass
0.003 Low
EPSS
Percentile
68.9%
starkbank-ecdsa is vulnerable to signature verification bypass. An attacker can forge the signatures on arbitrary messages to verify any public key, authenticating as any user on the stark bank platform.
| CPE | Name | Operator | Version |
|---|---|---|---|
| starkbank ecdsa library | le | 1.0.1 | |
| starkbank ecdsa library | le | 1.0.1 |
References
github.com/advisories/GHSA-9wx7-jrvc-28mm
github.com/starkbank/ecdsa-dotnet/commit/35ad8feca8134148b7fe3d1783a95dc8743cf718
github.com/starkbank/ecdsa-dotnet/pull/18
github.com/starkbank/ecdsa-java/commit/ed22e484186d6c66d3686bfe39d01bdbabf219b6
github.com/starkbank/ecdsa-java/pull/16
github.com/starkbank/ecdsa-java/releases/tag/v1.0.1
github.com/starkbank/ecdsa-node/commit/c4ee069c677c51fd832ef8af6914b4ec35e93fae
github.com/starkbank/ecdsa-node/pull/14
github.com/starkbank/ecdsa-python/commit/ea20ebbee9a2eb8fb3468522a2d7c6c1c45cd528
github.com/starkbank/ecdsa-python/pull/28
github.com/starkbank/ecdsa-python/releases/tag/v2.0.1
research.nccgroup.com/2021/11/08/technical-advisory-arbitrary-signature-forgery-in-stark-bank-ecdsa-libraries/
Related
