We found results for “”
WS-2020-0048
Good to know:
Date: February 26, 2020
The verifyVerifiableCredential() method check the cryptographic integrity of the Verifiable Credential, but it does not check if the credential.issuer DID matches the signer of the credential.this vulnerability impacts the verifier.
Language: JS
Severity Score
Severity Score
Weakness Type (CWE)
Cryptographic Issues
CWE-310Top Fix
CVSS v3.1
Base Score: |
|
---|---|
Attack Vector (AV): | NETWORK |
Attack Complexity (AC): | LOW |
Privileges Required (PR): | NONE |
User Interaction (UI): | NONE |
Scope (S): | UNCHANGED |
Confidentiality (C): | LOW |
Integrity (I): | LOW |
Availability (A): | NONE |