CVE-2019-16753

Published: Dec 4, 2019Modified: Nov 21, 2024

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

An issue was discovered in Decentralized Anonymous Payment System (DAPS) through 2019-08-26. The content to be signed is composed of a representation of strings, rather than being composed of their binary representations. This is a weak signature scheme design that would allow the reuse of signatures in some cases (or even the reuse of signatures, intended for one type of message, for another type). This also affects Private Instant Verified Transactions (PIVX) through 3.4.0.

Affected (2)

Products: Decentralized Anonymous Payment System Project: Decentralized Anonymous Payment System · Pivx: Private Instant Verified Transactions

Decentralized Anonymous Payment System Project

1 product

Decentralized Anonymous Payment System

Pivx

1 product

Private Instant Verified Transactions

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Decentralized Anonymous Payment System Project Decentralized Anonymous Payment System	Up to 2019-08-26
Pivx Private Instant Verified Transactions	Up to 3.4.0

Related CWEs

CWE-347

Improper Verification of Cryptographic Signature

The product does not verify, or incorrectly verifies, the cryptographic signature for data.

References (2)

https://officialdapscoin.com/wp-content/uploads/2019/09/DAPS-Coin-Final-Security-Audit-Red4Sec-2019.pdf

Source: cve@mitre.org

ExploitThird Party Advisory

https://officialdapscoin.com/wp-content/uploads/2019/09/DAPS-Coin-Final-Security-Audit-Red4Sec-2019.pdf

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.