Veracode Vulnerability DatabaseVERACODE:40289Timing Attack
0.001 Low
EPSS
Percentile
46.1%
github.com/bnb-chain/tss-lib, github.com/iofinnet/thresh and github.com/thorchain/thorchain-tss are vulnerable to Timing Attacks. The vulnerability exists due to leakage of the lambda value of a private key in multiple functions including the functions in paillier.go which allows an attacker to gain sensitive information.
References
github.com/advisories/GHSA-mjqv-xhgm-gx8c
github.com/bnb-chain/tss-lib/blob/master/crypto/paillier/paillier.go#L67
github.com/bnb-chain/tss-lib/tree/v1.3.5
github.com/IoFinnet/threshlib/blob/master/crypto/paillier/paillier.go#L70
github.com/IoFinnet/tss-lib/releases/tag/v2.0.0
gitlab.com/thorchain/tss/tss-lib/-/blob/9c9f4b5ac77dbd6d1a50ccbf411b933fe4e7200a/crypto/paillier/paillier.go
gitlab.com/thorchain/tss/tss-lib/-/tags/v0.1.3
medium.com/%40iofinnet/security-disclosure-for-ecdsa-and-eddsa-threshold-signature-schemes-4e969af7155b
medium.com/@iofinnet/security-disclosure-for-ecdsa-and-eddsa-threshold-signature-schemes-4e969af7155b
Related
