Arbitrary Key Recovery Vulnerability in Xuperchain by Xuperchain
CVE-2020-22741

7.5HIGH

Key Information:

Vendor: Baidu
Status: Xuperchain
Vendor: CVE Published:; 19 July 2021

What is CVE-2020-22741?

A vulnerability in Xuperchain version 3.6.0 allows attackers to exploit a weakness in the multisignature scheme, enabling them to recover arbitrary users' private keys. This issue arises when an attacker obtains a partial signature from a multisignature transaction, posing serious risks to user security and data integrity. Affected users should take immediate actions to protect their private keys and review their security measures.

References

https://github.com/xuperchain/xuperchain/issues/782

x_refsource_MISC

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 19, 2021
Vulnerability Reserved
Aug 13, 2020

Baidu

What is CVE-2020-22741?

References

CVSS V3.1

Timeline