Hyperledger Iroha versions v1.0_beta and v1.0.0_beta-1 are vulnerable to transaction and block signature verification bypass in the transaction and block validator allowing a single node to sign a transaction and/or block multiple times, each with a random nonce, and have other validating nodes accept them as separate valid signatures.
The product does not verify, or incorrectly verifies, the cryptographic signature for data.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Iroha | Hyperledger | 1.0-beta (including) | 1.0-beta (including) |
Iroha | Hyperledger | 1.0.0-beta1 (including) | 1.0.0-beta1 (including) |