Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
CL-Signatures Revocation Scheme in Ursa has flaws that allow a holder to demonstrate non-revocation of a revoked credential
Vulnerability Description
Ursa is a cryptographic library for use with blockchains. The revocation schema that is part of the Ursa CL-Signatures implementations has a flaw that could impact the privacy guarantees defined by the AnonCreds verifiable credential model, allowing a malicious holder of a revoked credential to generate a valid Non-Revocation Proof for that credential as part of an AnonCreds presentation. A verifier may verify a credential from a holder as being "not revoked" when in fact, the holder's credential has been revoked. Ursa has moved to end-of-life status and no fix is expected.
CVSS Information
CVSS:3.1/AV:P/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:N
Vulnerability Type
使用已被攻破或存在风险的密码学算法
Vulnerability Title
Hyperledger Ursa 加密问题漏洞
Vulnerability Description
Hyperledger Ursa是Hyperledger开源的一个与区块链一起使用的密码库。 Hyperledger Ursa 0.1.0版本存在加密问题漏洞,该漏洞源于允许已吊销凭据的恶意持有者在AnonCreds演示中为该凭据生成有效的非吊销证明。
CVSS Information
N/A
Vulnerability Type
N/A