Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
agent-js: Insecure Key Generation in `Ed25519KeyIdentity.generate`
Vulnerability Description
Impact: The library offers a function to generate an ed25519 key pair via Ed25519KeyIdentity.generate with an optional param to provide a 32 byte seed value, which will then be used as the secret key. When no seed value is provided, it is expected that the library generates the secret key using secure randomness. However, a recent change broke this guarantee and uses an insecure seed for key pair generation. Since the private key of this identity (535yc-uxytb-gfk7h-tny7p-vjkoe-i4krp-3qmcl-uqfgr-cpgej-yqtjq-rqe) is compromised, one could lose funds associated with the principal on ledgers or lose access to a canister where this principal is the controller.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Vulnerability Type
使用硬编码的密码学密钥
Vulnerability Title
agent-js 安全漏洞
Vulnerability Description
agent-js是使用 JavaScript 围绕互联网计算机构建软件的库和工具的集合。 agent-js v0.20.0-beta.0至1.0.1版本存在安全漏洞,该漏洞源于存在信息泄露漏洞。
CVSS Information
N/A
Vulnerability Type
N/A