CVE-2022-31021

Unlinkability broken in ursa when verifiers use malicious keys

Severity Score

5.3

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

Ursa is a cryptographic library for use with blockchains. A weakness in the Hyperledger AnonCreds specification that is not mitigated in the Ursa and AnonCreds implementations is that the Issuer does not publish a key correctness proof demonstrating that a generated private key is sufficient to meet the unlinkability guarantees of AnonCreds. The Ursa and AnonCreds CL-Signatures implementations always generate a sufficient private key. A malicious issuer could in theory create a custom CL Signature implementation (derived from the Ursa or AnonCreds CL-Signatures implementations) that uses weakened private keys such that presentations from holders could be shared by verifiers to the issuer who could determine the holder to which the credential was issued. This vulnerability could impact holders of AnonCreds credentials implemented using the CL-signature scheme in the Ursa and AnonCreds implementations of CL Signatures. The ursa project has has moved to end-of-life status and no fix is expected.

Ursa es una librería criptográfica para usar con blockchains. Una debilidad en la especificación Hyperledger AnonCreds que no se mitiga en las implementaciones Ursa y AnonCreds es que el Emisor no publica una prueba de corrección de clave que demuestre que una clave privada generada es suficiente para cumplir con las garantías de desvinculación de AnonCreds. Las implementaciones Ursa y AnonCreds CL-Signatures siempre generan una clave privada suficiente. En teoría, un emisor malintencionado podría crear una implementación personalizada de CL Signature (derivada de las implementaciones Ursa o AnonCreds CL-Signatures) que utilice claves privadas debilitadas, de modo que los verificadores puedan compartir las presentaciones de los titulares con el emisor, quien podría determinar a qué titular se se emitió la credencial. Esta vulnerabilidad podría afectar a los titulares de credenciales de AnonCreds implementadas utilizando el esquema de firma CL en las implementaciones Ursa y AnonCreds de CL Signatures. El proyecto Ursa ha llegado al estado de fin de vida útil y no se espera ninguna solución.

*Credits: N/A

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

Low

Integrity

None

Availability

None

Attack Vector

Local

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Unchanged

Confidentiality

Low

Integrity

None

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2022-05-18 CVE Reserved
2024-01-16 CVE Published
2024-01-25 EPSS Updated
2024-08-03 CVE Updated
2024-08-03 First Exploit
---------- Exploited in Wild
---------- KEV Due Date

CWE

CWE-829: Inclusion of Functionality from Untrusted Control Sphere

CAPEC

References (2)

URL	Tag	Source

URL	Date	SRC
https://www.brics.dk/RS/98/29/BRICS-RS-98-29.pdf	2024-08-03

URL	Date	SRC

URL	Date	SRC
https://github.com/hyperledger/ursa/security/advisories/GHSA-2q6j-gqc4-4gw3	2024-01-24

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Hyperledger Search vendor "Hyperledger"		Ursa Search vendor "Hyperledger" for product "Ursa"				< 0.3 Search vendor "Hyperledger" for product "Ursa" and version " < 0.3"		rust		Affected