CVE-2020-11093

Improper Verification of Cryptographic Signature in pypi/indy-node

Identifier

CVE-2020-11093

Package Slug

pypi/indy-node

Vulnerability

Improper Verification of Cryptographic Signature

Description

Hyperledger Indy Node is the server portion of a distributed ledger purpose-built for decentralized identity. In Hyperledger Indy, there is lack of signature verification on a specific transaction which enables an attacker to make certain unauthorized alterations to the ledger.

Affected Versions

All versions before 1.12.4

Solution

Upgrade to version 1.12.4 or above.

Last Modified

2021-01-04

source