You are viewing this page in an unauthorized frame window.
This is a potential security issue, you are being redirected to
https://nvd.nist.gov
An official website of the United States government
Official websites use .gov
A .gov website belongs to an official government organization in the United States.
Secure .gov websites use HTTPS
A lock () or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.
This CVE record has been marked for NVD enrichment efforts.
Description
Impact: The library offers a function to generate an ed25519 key pair via Ed25519KeyIdentity.generate with an optional param to provide a 32 byte seed value, which will then be used as the secret key. When no seed value is provided, it is expected that the library generates the secret key using secure randomness. However, a recent change broke this guarantee and uses an insecure seed for key pair generation. Since the private key of this identity (535yc-uxytb-gfk7h-tny7p-vjkoe-i4krp-3qmcl-uqfgr-cpgej-yqtjq-rqe) is compromised, one could lose funds associated with the principal on ledgers or lose access to a canister where this principal is the controller.
Metrics
NVD enrichment efforts reference publicly available information to associate
vector strings. CVSS information contributed by other sources is also
displayed.
By selecting these links, you will be leaving NIST webspace.
We have provided these links to other web sites because they
may have information that would be of interest to you. No
inferences should be drawn on account of other sites being
referenced, or not, from this page. There may be other web
sites that are more appropriate for your purpose. NIST does
not necessarily endorse the views expressed, or concur with
the facts presented on these sites. Further, NIST does not
endorse any commercial products that may be mentioned on
these sites. Please address comments about this page to [email protected].
Impact
The library offers a function to generate an ed25519 key pair via Ed25519KeyIdentity.generate with an optional param to provide a 32 byte seed value, which will then be used as the secret key. When no seed value is provided, it is expected that the library generates the secret key using secure randomness. However, a recent change broke this guarantee and uses an insecure seed for key pair generation.
Since the private key of this identity (535yc-uxytb-gfk7h-tny7p-vjkoe-i4krp-3qmcl-uqfgr-cpgej-yqtjq-rqe)
is compromised, one could lose funds associated with the principal on
ledgers or lose access to a canister where this principal is the
controller. Users are asked to take proactive measures mentioned below
in Workarounds:Users to protect their assets.
Patches
Patch for the vulnerability is available in v1.0.1 for all the packages listed in the advisory. Please upgrade and deploy your canisters immediately.
Workarounds
Developers
The recommended fix is to upgrade the package to the
patched version. If that is not possible, there are couple of
workarounds to handle the insecure key generation.
* Invoking the function as Ed25519KeyIdentity.generate(null)
would fix the broken conditional evaluation and force the function to
generate a securely random seed. However, this is not guaranteed to work
for future upgrades.
* Passing a securely generated randomness as a seed to Ed25519KeyIdentity.generate would force the library to use it as the seed to generate the key pair.
Users
Removing a controller of a canister if it's the affected principal
For all canisters you control, fetch the controllers of the canisters using
dfx canister info --ic <CANISTER>
If you see the principal 535yc-uxytb-gfk7h-tny7p-vjkoe-i4krp-3qmcl-uqfgr-cpgej-yqtjq-rqe as one of the controllers, follow the steps below
dfx identity whoami # record CURRENT_IDENTITY
dfx identity new <NEW_IDENTITY_NAME>
dfx identity use <NEW_IDENTITY_NAME>
dfx identity get-principal <NEW_IDENTITY_NAME> # record NEW_IDENTIT
Impact: The library offers a function to generate an ed25519 key pair via Ed25519KeyIdentity.generate with an optional param to provide a 32 byte seed value, which will then be used as the secret key. When no seed value is provided, it is expected that the library generates the secret key using secure randomness. However, a recent change broke this guarantee and uses an insecure seed for key pair generation. Since the private key of this identity (535yc-uxytb-gfk7h-tny7p-vjkoe-i4krp-3qmcl-uqfgr-cpgej-yqtjq-rqe) is compromised, one could lose funds associated with the principal on ledgers or lose access to a canister where this principal is the controller.
Impact
The library offers a function to generate an ed25519 key pair via Ed25519KeyIdentity.generate with an optional param to provide a 32 byte seed value, which will then be used as the secret key. When no seed value is provided, it is expected that the library generates the secret key using secure randomness. However, a recent change broke this guarantee and uses an insecure seed for key pair generation.
Since the private key of this identity (535yc-uxytb-gfk7h-tny7p-vjkoe-i4krp-3qmcl-uqfgr-cpgej-yqtjq-rqe)
is compromised, one could lose funds associated with the principal on
ledgers or lose access to a canister where this principal is the
controller. Users are asked to take proactive measures mentioned below
in Workarounds:Users to protect their assets.
Patches
Patch for the vulnerability is available in v1.0.1 for all the packages listed in the advisory. Please upgrade and deploy your canisters immediately.
Workarounds
Developers
The recommended fix is to upgrade the package to the
patched version. If that is not possible, there are couple of
workarounds to handle the insecure key generation.
* Invoking the function as Ed25519KeyIdentity.generate(null)
would fix the broken conditional evaluation and force the function to
generate a securely random seed. However, this is not guaranteed to work
for future upgrades.
* Passing a securely generated randomness as a seed to Ed25519KeyIdentity.generate would force the library to use it as the seed to generate the key pair.
Users
Removing a controller of a canister if it's the affected principal
For all canisters you control, fetch the controllers of the canisters using
dfx canister info --ic <CANISTER>
If you see the principal 535yc-uxytb-gfk7h-tny7p-vjkoe-i4krp-3qmcl-uqfgr-cpgej-yqtjq-rqe as one of the controllers, follow the steps below
dfx identity whoami # record CURRENT_IDENTITY
dfx identity new <NEW_IDENTITY_NAME>
dfx identity use <NEW_IDENTITY_NAME>
dfx identity get-principal <NEW_IDENTITY_NAME> # record NEW_IDENTIT
) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.
