Количество 3
Количество 3
CVE-2022-47930
An issue was discovered in IO FinNet tss-lib before 2.0.0. The parameter ssid for defining a session id is not used through the MPC implementation, which makes replaying and spoofing of messages easier. In particular, the Schnorr proof of knowledge implemented in sch.go does not utilize a session id, context, or random nonce in the generation of the challenge. This could allow a malicious user or an eavesdropper to replay a valid proof sent in the past.
GHSA-c58h-qv6g-fw74
IO FinNet tss-lib vulnerable to replay attacks involving proofs
SUSE-SU-2025:0429-1
Security update for govulncheck-vulndb
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2022-47930 An issue was discovered in IO FinNet tss-lib before 2.0.0. The parameter ssid for defining a session id is not used through the MPC implementation, which makes replaying and spoofing of messages easier. In particular, the Schnorr proof of knowledge implemented in sch.go does not utilize a session id, context, or random nonce in the generation of the challenge. This could allow a malicious user or an eavesdropper to replay a valid proof sent in the past. | CVSS3: 6.8 | 0% Низкий | почти 3 года назад |
| GHSA-c58h-qv6g-fw74 IO FinNet tss-lib vulnerable to replay attacks involving proofs | CVSS3: 6.8 | 0% Низкий | почти 3 года назад |
 | SUSE-SU-2025:0429-1 Security update for govulncheck-vulndb | 12 месяцев назад |
Уязвимостей на страницу