An issue was discovered in Decentralized Anonymous Payment System (DAPS) through 2019-08-26. The content to be signed is composed of a representation of strings, rather than being composed of their binary representations. This is a weak signature scheme design that would allow the reuse of signatures in some cases (or even the reuse of signatures, intended for one type of message, for another type). This also affects Private Instant Verified Transactions (PIVX) through 3.4.0.
References
Link | Resource |
---|---|
https://officialdapscoin.com/wp-content/uploads/2019/09/DAPS-Coin-Final-Security-Audit-Red4Sec-2019.pdf | Exploit Third Party Advisory |
https://officialdapscoin.com/wp-content/uploads/2019/09/DAPS-Coin-Final-Security-Audit-Red4Sec-2019.pdf | Exploit Third Party Advisory |
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 04:31
Type | Values Removed | Values Added |
---|---|---|
References | () https://officialdapscoin.com/wp-content/uploads/2019/09/DAPS-Coin-Final-Security-Audit-Red4Sec-2019.pdf - Exploit, Third Party Advisory |
Information
Published : 2019-12-04 20:15
Updated : 2024-11-21 04:31
NVD link : CVE-2019-16753
Mitre link : CVE-2019-16753
CVE.ORG link : CVE-2019-16753
JSON object : View
Products Affected
pivx
- private_instant_verified_transactions
decentralized_anonymous_payment_system_project
- decentralized_anonymous_payment_system
CWE
CWE-347
Improper Verification of Cryptographic Signature