CVE-2024-1631

CVSS 3.1 Score 9.1 of 10 (high)

Details

Published Feb 21, 2024

Updated: Feb 22, 2024

CWE ID 321

CWE ID 330

Summary

CVE-2024-1631 is a vulnerability affecting a certain library, where the secure generation of ed25519 key pairs has been compromised. The function Ed25519KeyIdentity.generate, used to create key pairs, now uses an insecure seed by default instead of secure randomness. This issue poses a significant risk as the private key associated with the principal (535yc-uxytb-gfk7h-tny7p-vjkoe-i4krp-3qmcl-uqfgr-cpgej-yqtjq-rqe) can be compromised. The consequences of this vulnerability include potential loss of funds associated with the affected ledgers or loss of access to canisters where this principal is the controller.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share

Advisories, Assessments, and Mitigations

Back to Vulnerability Database

Platform Features

Products

Use Cases

Teams

Industries

Services

Threats to the 2025 NATO Summit

Artificial Eyes: Generative AI in China’s Military Intelligence

GrayAlpha Uses Diverse Infection Vectors to Deploy PowerNet Loader and NetSupport RAT

Know What Matters

For Customers

For Partners

CVE-2024-1631

CVSS 3.1 Score 9.1 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations