Light client verification not taking into account chain ID

Tendermint is a high-performance blockchain consensus engine for Byzantine fault tolerant applications. Versions prior to 0.28.0 contain a potential attack via Improper Verification of Cryptographic Signature, affecting anyone using the tendermint-light-client and related packages to perform light client verification (e.g. IBC-rs, Hermes). The light client does not check that the chain IDs of the trusted and untrusted headers match, resulting in a possible attack vector where someone who finds a header from an untrusted chain that satisfies all other verification conditions (e.g. enough overlapping validator signatures) could fool a light client. The attack vector is currently theoretical, and no proof-of-concept exists yet to exploit it on live networks. This issue is patched in version 0.28.0. There are no workarounds.

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N

密码学签名的验证不恰当

Tendermint 数据伪造问题漏洞

Tendermint是美国Tendermint公司的一款Byzantine Fault Tolerant (BFT) 式中间件。 Tendermint 0.28.0之前版本存在数据伪造问题漏洞，该漏洞源于包含通过不正确的加密签名验证进行的潜在攻击，影响任何使用 tendermint-light-client 和相关软件包执行轻客户端验证的人，攻击者利用该漏洞可以欺骗轻客户端。

N/A

N/A