Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2023-33242 PoC — Lindell17 TSS 注入漏洞

Source
https://github.com/d0rb/CVE-2023-33242
Associated Vulnerability
Title:Lindell17 TSS 注入漏洞 (CVE-2023-33242)
Description:tss-lib是IO FinNet开源的一个基于 Gennaro 和 Goldfeder 2020[1] 和 EdDSA (Edwards Curve Digital Signature Algorithm) 的多方 {t,n}- 阈值 ECDSA(椭圆曲线数字签名算法)的实现。 Lindell17 TSS 存在安全漏洞,该漏洞源于允许攻击者使用 Lindell17 TSS 协议从任何钱包中提取完整私钥。
Description
CVE-2023-33242  PoC
Readme
# CVE-2023-33242
CVE-2023-33242  PoC
The simulated Lindell17 protocol is vulnerable to a bit extraction exploit, allowing an attacker to recover the private key by iteratively extracting individual bits of the key. The protocol is designed to generate ECDSA signatures in a client-server model, with each party holding a share of the ECDSA secret key. The vulnerability lies in the mishandling of aborts during signature attempts, enabling the attacker to extract bits of the secret key over multiple iterations.
File Snapshot

 [4.0K]  /data/pocs/35fe56b4526c32072c064941bd647ceeaefb2ea0
├── [1.9K]  PoC.cpp
└── [ 513]  README.md

0 directories, 2 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).
    3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.