7.5

CVE-2019-16753

Exploit

EPSS 0.18%
Veröffentlicht 04.12.2019 20:15:12
Zuletzt bearbeitet 21.11.2024 04:31:07
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

An issue was discovered in Decentralized Anonymous Payment System (DAPS) through 2019-08-26. The content to be signed is composed of a representation of strings, rather than being composed of their binary representations. This is a weak signature scheme design that would allow the reuse of signatures in some cases (or even the reuse of signatures, intended for one type of message, for another type). This also affects Private Instant Verified Transactions (PIVX) through 3.4.0.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Decentralized Anonymous Payment System Project ≫ Decentralized Anonymous Payment System Version <= 2019-08-26

Pivx ≫ Private Instant Verified Transactions Version <= 3.4.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.18%	0.403

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:P/I:N/A:N

CWE-347 Improper Verification of Cryptographic Signature

The product does not verify, or incorrectly verifies, the cryptographic signature for data.

https://officialdapscoin.com/wp-content/uploads/2019/09/DAPS-Coin-Final-Security-Audit-Red4Sec-2019.pdf

Third Party Advisory

Exploit

https://nvd.nist.gov/vuln/detail/CVE-2019-16753

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2019-16753

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2019-16753

EUVD