starkbank-ecdsa is vulnerable to signature verification bypass. An attacker can forge signatures on arbitrary messages that verify against any public key, allowing authentication as any user on the Stark Bank platform.
CPE | Name | Operator | Version |
---|---|---|---|
starkbank ecdsa library | le | 1.0.1 | |
github.com/advisories/GHSA-9wx7-jrvc-28mm
github.com/starkbank/ecdsa-dotnet/commit/35ad8feca8134148b7fe3d1783a95dc8743cf718
github.com/starkbank/ecdsa-dotnet/pull/18
github.com/starkbank/ecdsa-java/commit/ed22e484186d6c66d3686bfe39d01bdbabf219b6
github.com/starkbank/ecdsa-java/pull/16
github.com/starkbank/ecdsa-java/releases/tag/v1.0.1
github.com/starkbank/ecdsa-node/commit/c4ee069c677c51fd832ef8af6914b4ec35e93fae
github.com/starkbank/ecdsa-node/pull/14
github.com/starkbank/ecdsa-python/commit/ea20ebbee9a2eb8fb3468522a2d7c6c1c45cd528
github.com/starkbank/ecdsa-python/pull/28
github.com/starkbank/ecdsa-python/releases/tag/v2.0.1
research.nccgroup.com/2021/11/08/technical-advisory-arbitrary-signature-forgery-in-stark-bank-ecdsa-libraries/