Inadequate Encryption Strength in chiavdf

Do your applications use this vulnerable package? Test your applications

Overview

chiavdf is a Chia vdf verification (wraps C++)

Affected versions of this package are vulnerable to Inadequate Encryption Strength. Grinding attacks could be possible where some non-canonical encodings of a compressed form could be used to change its hash and thus the next challenges derived from it.

Remediation

Upgrade chiavdf to version 1.0 or higher.

References

GitHub Commit

Attack Vector

Network
Attack Complexity

Low
Privileges Required

None
User Interaction

None
Scope

Unchanged
Confidentiality

Low
Integrity

Low
Availability

None

Credit: Unknown
CWE: CWE-326
Snyk ID: SNYK-PYTHON-CHIAVDF-1090203
Disclosed: 01 Apr, 2021
Published: 01 Apr, 2021

Inadequate Encryption Strength
Affecting chiavdf package, versions [,1.0)

Overview

Remediation

References

CVSS Score

Inadequate Encryption Strength Affecting chiavdf package, versions [,1.0)

Overview

Remediation

References

Inadequate Encryption Strength
Affecting chiavdf package, versions [,1.0)