CVE-2018-3756

Name of the Vulnerable Software and Affected Versions Hyperledger Iroha versions v1.0 beta through v1.0.0 beta-1

Description The issue allows a single node to bypass transaction and block signature verification in the transaction and block validator. This can be achieved by signing a transaction and/or block multiple times, each with a random nonce, and having other validating nodes accept them as separate valid signatures.

Recommendations For Hyperledger Iroha versions v1.0 beta through v1.0.0 beta-1, as a temporary workaround, consider restricting the ability of a single node to sign transactions and blocks multiple times to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.