Vulnerability Description
An issue was discovered in Decentralized Anonymous Payment System (DAPS) through 2019-08-26. The content to be signed is composed of a representation of strings, rather than being composed of their binary representations. This is a weak signature scheme design that would allow the reuse of signatures in some cases (or even the reuse of signatures, intended for one type of message, for another type). This also affects Private Instant Verified Transactions (PIVX) through 3.4.0.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Decentralized Anonymous Payment System Project | Decentralized Anonymous Payment System | <= 2019-08-26 |
| Pivx | Private Instant Verified Transactions | <= 3.4.0 |
Related Weaknesses (CWE)
References
- https://officialdapscoin.com/wp-content/uploads/2019/09/DAPS-Coin-Final-SecurityExploitThird Party Advisory
- https://officialdapscoin.com/wp-content/uploads/2019/09/DAPS-Coin-Final-SecurityExploitThird Party Advisory
FAQ
What is CVE-2019-16753?
CVE-2019-16753 is a vulnerability with a CVSS score of 7.5 (HIGH). An issue was discovered in Decentralized Anonymous Payment System (DAPS) through 2019-08-26. The content to be signed is composed of a representation of strings, rather than being composed of their bi...
How severe is CVE-2019-16753?
CVE-2019-16753 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2019-16753?
Check the references section above for vendor advisories and patch information. Affected products include: Decentralized Anonymous Payment System Project Decentralized Anonymous Payment System, Pivx Private Instant Verified Transactions.