Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Ursa CL-Signatures Revocation allows verifiers to generate unique identifiers for holders
Vulnerability Description
Ursa is a cryptographic library for use with blockchains. The revocation scheme that is part of the Ursa CL-Signatures implementations has a flaw that could impact the privacy guarantees defined by the AnonCreds verifiable credential model. Notably, a malicious verifier may be able to generate a unique identifier for a holder providing a verifiable presentation that includes a Non-Revocation proof. The impact of the flaw is that a malicious verifier may be able to determine a unique identifier for a holder presenting a Non-Revocation proof. Ursa has moved to end-of-life status and no fix is expected.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Vulnerability Type
使用已被攻破或存在风险的密码学算法
Vulnerability Title
Hyperledger Ursa 加密问题漏洞
Vulnerability Description
Hyperledger Ursa是Hyperledger开源的一个与区块链一起使用的密码库。 Hyperledger Ursa 0.1.0版本存在加密问题漏洞,该漏洞源于Ursa CL-Signatures Revocation允许验证者为持有者生成唯一标识符,从而提供包含非撤销证明的可验证演示文稿。
CVSS Information
N/A
Vulnerability Type
N/A