Advisories for Cargo/Biscuit-Auth package

Third-party blocks can be generated without transferring the whole token to the third-party authority. Instead, a ThirdPartyBlock request can be sent, providing only the necessary info to generate a third-party block and to sign it: the public key of the previous block (used in the signature) the public keys part of the token symbol table (for public key interning in datalog expressions) A third-part block request forged by a malicious …

The paper Cryptanalysis of Aggregate Γ-Signature and Practical Countermeasures in Application to Bitcoin defines a way to forge valid Γ-signatures, an algorithm that is used in the Biscuit specification version 1. It would allow an attacker to create a token with any access level. As Biscuit v1 was still an early version and not broadly deployed, we were able to contact all known users of Biscuit v1 and help them …