CVE-2022-47930
Vulnerability Summary
Timeline
Description
An issue was discovered in IO FinNet tss-lib before 2.0.0. The parameter ssid for defining a session id is not used through the MPC implementation, which makes replaying and spoofing of messages easier. In particular, the Schnorr proof of knowledge implemented in sch.go does not utilize a session id, context, or random nonce in the generation of the challenge. This could allow a malicious user or an eavesdropper to replay a valid proof sent in the past.
CVSS Metrics
- v3.1•MEDIUM•Score: 6.8CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
EPSS Trends
Current EPSS score: 0.10%• Percentile: 27%
Techniques & Countermeasures
- CWE-294•Authentication Bypass by Capture-replay
A capture-replay flaw exists when the design of the product makes it possible for a malicious user to sniff network traffic and bypass authentication by replaying it to the server in question to the same effect as the original message (or with minor changes).
Affected Systems
- github.com/binance-chain•tss-lib
< 2.0.0 | all
- github.com/bnb-chain•tss-lib
< 2.0.0 | all
- iofinnet•tss-lib
< 2.0.0
References (7)
- https://github.com/IoFinnet/tss-lib/releases/tag/v2.0.0
- https://medium.com/%40iofinnet/security-disclosure-for-ecdsa-and-eddsa-threshold-signature-schemes-4e969af7155b
- https://nvd.nist.gov/vuln/detail/CVE-2022-47930
- https://github.com/bnb-chain/tss-lib/pull/256
- https://github.com/bnb-chain/tss-lib/commit/1a14f3ac9ecbf6115e80d44c7fff16bcc3139250
- https://github.com/bnb-chain/tss-lib
- https://medium.com/@iofinnet/security-disclosure-for-ecdsa-and-eddsa-threshold-signature-schemes-4e969af7155b