PT-2019-14913 · Keybase · Keybase

Jeffrey Paul

Published

2019-09-29

Updated

2019-10-08

CVE-2019-16992

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions Keybase app version 2.13.2 for iOS

Description The issue concerns potentially insufficient notice that the app is using a user's private key to sign a cryptocurrency attestation for Stellar payments. This might be incompatible with a user's personal position on the semantics of an attestation.

Recommendations For Keybase app version 2.13.2, consider reviewing the app's settings and documentation to understand how it handles private keys and cryptocurrency attestations, and adjust usage accordingly to align with personal preferences on attestation semantics. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Improper Verification of Cryptographic Signature

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-347

Related Identifiers

CVE-2019-16992

Affected Products

Keybase

PT-2019-14913 · Keybase · Keybase

CVE-2019-16992

Weakness Enumeration

Related Identifiers

Affected Products

References · 4