Hyperledger · Hyperledger Indy Node · CVE-2020-11093
**Name of the Vulnerable Software and Affected Versions**
Hyperledger Indy Node versions prior to 1.12.4
**Description**
The issue stems from missing signature verification on a specific transaction, which lets an attacker make unauthorized alterations to the ledger. A malicious DID with no particular role can request an update to another DID, although it cannot modify that DID's verkey or role. As a result, any DID can write a `nym` transaction to the ledger, change any other DID's alias, and modify the ledger metadata associated with a DID.
**Recommendations**
To resolve the issue, update to Hyperledger Indy Node version 1.12.4 or later. As a temporary workaround, consider restricting access to the `nym` transaction handler to minimize the risk of exploitation. Additionally, restrict the ability of DIDs to update other DIDs' aliases and metadata until the issue is resolved.
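
To check whether a ledger was touched by the behaviour described above, the following added example (not part of the advisory or of Indy Node's code) replays NYM writes and flags those submitted by a DID with no role that create a DID or update someone else's. The flat record layout, the DID names and the `genesis_roles` parameter are assumptions made for this sketch, as is the policy that only a DID holding a role may write for another DID.

```python
# Added example: replay simplified NYM records and flag writes that match the
# advisory. Field names and DIDs are constructed for this sketch; they are not
# Indy Node's ledger serialization.

SAMPLE_RECORDS = [  # constructed sample data
    {"seq_no": 2, "submitter": "TrusteeDid", "dest": "AliceDid", "alias": "alice"},
    {"seq_no": 3, "submitter": "TrusteeDid", "dest": "MalloryDid", "alias": "mallory"},
    {"seq_no": 4, "submitter": "AliceDid", "dest": "AliceDid", "alias": "alice-new"},
    {"seq_no": 5, "submitter": "MalloryDid", "dest": "AliceDid", "alias": "hijacked"},
    {"seq_no": 6, "submitter": "MalloryDid", "dest": "SockDid", "alias": "sock"},
    {"seq_no": 7, "submitter": "TrusteeDid", "dest": "AliceDid", "alias": "alice"},
]


def audit_nym_records(records, genesis_roles):
    """Return findings for NYM writes submitted by a DID with no role that
    either create a DID or update a DID other than the submitter's own."""
    roles = dict(genesis_roles)  # DID -> role name, None means "no role"
    aliases = {}
    findings = []
    for rec in sorted(records, key=lambda r: r["seq_no"]):
        submitter, dest = rec["submitter"], rec["dest"]
        exists = dest in roles
        privileged = roles.get(submitter) is not None
        if not privileged and (not exists or submitter != dest):
            findings.append({
                "seq_no": rec["seq_no"],
                "kind": "foreign-update" if exists else "unprivileged-create",
                "submitter": submitter,
                "dest": dest,
                "old_alias": aliases.get(dest),
                "new_alias": rec.get("alias"),
            })
        # Replay the write even when flagged: the audit mirrors the ledger as
        # it was actually written, so later records are judged correctly.
        if not exists:
            roles[dest] = rec.get("role")
        elif "role" in rec:
            roles[dest] = rec["role"]
        if "alias" in rec:
            aliases[dest] = rec["alias"]
    return findings


if __name__ == "__main__":
    for f in audit_nym_records(SAMPLE_RECORDS, {"TrusteeDid": "TRUSTEE"}):
        print(f)
```

Each finding keeps the previous alias, so an operator can see what was overwritten and restore it after upgrading.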