Vulnerabilities > Iofinnet
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-04-21 | CVE-2022-47930 | Authentication Bypass by Capture-replay vulnerability in Iofinnet Tss-Lib An issue was discovered in IO FinNet tss-lib before 2.0.0. | 6.8 |
| 2023-04-21 | CVE-2023-26556 | Information Exposure Through Discrepancy vulnerability in Iofinnet Tss-Lib io.finnet tss-lib before 2.0.0 can leak a secret key via a timing side-channel attack because it relies on the scalar-multiplication implementation in Go crypto/elliptic, which is not constant time (there is an if statement in a loop). | 9.1 |
| 2023-04-21 | CVE-2023-26557 | Information Exposure Through Discrepancy vulnerability in Iofinnet Tss-Lib io.finnet tss-lib before 2.0.0 can leak the lambda value of a private key via a timing side-channel attack because it relies on Go big.Int, which is not constant time for Cmp, modular exponentiation, or modular inverse. | 7.5 |
| 2022-12-23 | CVE-2022-47931 | Inadequate Encryption Strength vulnerability in Iofinnet Tss-Lib IO FinNet tss-lib before 2.0.0 allows a collision of hash values. | 9.1 |