PT-2020-21518 · MetaMask · @metamask/eth-ledger-bridge-keyring +1

Published

2020-03-24

·

Updated

2020-03-24

CVSS v3.1

7.5

High

Vector

AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions

eth-ledger-bridge-keyring versions prior to 0.2.1
@metamask/eth-ledger-bridge-keyring versions prior to 0.2.2
Description

The issue affects users who sign with a BIP44 account other than the first one (index 0). It impacts cases where a user signs a personal message or transaction without first adding the account in the current session, including cases where the account was added in a previous session and restored from persisted keyring state. The serialization/deserialization process restores a previously added account but does not restore the index that tells the keyring which account to use for signing, so the account at index 0 is used for signing even when it is not the currently selected account. The resulting signature therefore comes from a different key than the one the user selected.
Recommendations

For eth-ledger-bridge-keyring versions prior to 0.2.1, update to version 0.2.1 or later. For @metamask/eth-ledger-bridge-keyring versions prior to 0.2.2, update to version 0.2.2 or later. As a temporary workaround, remove and then re-add the account in the current session before signing with it, so that the keyring's signing index points at that account again.
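As an added example that is not part of the original advisory or of the eth-ledger-bridge-keyring code base, the following simplified JavaScript model shows the state failure the description refers to: the persisted state carries the address-to-index map but not the selected signing index, so a restored keyring signs with index 0. The class names, the HD path base and the deriveAddress stand-in for Ledger key derivation are assumptions made for illustration; the fixed class, the re-add workaround and the caller-side signer check model what a fix and an integration-side guard look like, not the project's actual code.

```javascript
// Added example (not code from eth-ledger-bridge-keyring): a simplified model of a
// Ledger keyring's state across a serialize()/deserialize() round trip, showing why
// signing falls back to BIP44 index 0, what a fix looks like, and a caller-side check.

const HD_PATH_BASE = "m/44'/60'/0'"; // assumed path base, for illustration only

// Constructed stand-in for key derivation: one fake address per BIP44 index.
function deriveAddress(index) {
  return "0x" + String(index).padStart(40, "0");
}

class VulnerableLedgerKeyring {
  constructor() {
    this.accountIndexes = {}; // address -> BIP44 index (this is what gets persisted)
    this.unlockedIndex = 0;   // index the device will sign with
  }

  addAccount(index) {
    const address = deriveAddress(index);
    this.accountIndexes[address] = index;
    this.unlockedIndex = index; // adding an account also selects it for signing
    return address;
  }

  removeAccount(address) {
    delete this.accountIndexes[address];
  }

  serialize() {
    return { accountIndexes: { ...this.accountIndexes } };
  }

  deserialize(state) {
    this.accountIndexes = { ...state.accountIndexes };
    // Bug: the selected index is not part of the persisted state, so it silently
    // stays at the constructor default of 0.
  }

  signPersonalMessage(address, message) {
    if (!(address in this.accountIndexes)) {
      throw new Error(`account ${address} not found`);
    }
    return this._signWith(this.unlockedIndex, message);
  }

  // Stand-in for the device signing call: reports which derived key signed.
  _signWith(index, message) {
    return { signer: deriveAddress(index), path: `${HD_PATH_BASE}/${index}`, message };
  }
}

class FixedLedgerKeyring extends VulnerableLedgerKeyring {
  // Fix: resolve the index for the requested address before every signing
  // operation instead of trusting whatever index was selected last.
  unlockAccountByAddress(address) {
    const index = this.accountIndexes[address];
    if (index === undefined) {
      throw new Error(`account ${address} not found`);
    }
    this.unlockedIndex = index;
    return index;
  }

  signPersonalMessage(address, message) {
    this.unlockAccountByAddress(address);
    return this._signWith(this.unlockedIndex, message);
  }
}

// Caller-side check an integration can do regardless of keyring version: refuse a
// signature whose signer is not the requested address. With a real ECDSA signature
// the comparison would use the address recovered from the signature (ecrecover).
function signChecked(keyring, address, message) {
  const sig = keyring.signPersonalMessage(address, message);
  if (sig.signer.toLowerCase() !== address.toLowerCase()) {
    throw new Error(`signer mismatch: requested ${address}, got ${sig.signer}`);
  }
  return sig;
}

// The advisory scenario: add account index 2 in one session, persist the keyring,
// restore it in a new session, then sign without re-adding the account.
function reproduce(KeyringClass) {
  const session1 = new KeyringClass();
  session1.addAccount(0);
  const target = session1.addAccount(2);
  const persisted = JSON.stringify(session1.serialize());

  const session2 = new KeyringClass();
  session2.deserialize(JSON.parse(persisted));
  const sig = session2.signPersonalMessage(target, "hello");
  return { requested: target, signer: sig.signer, path: sig.path };
}

// The advisory's workaround on the vulnerable keyring: remove and re-add the
// account in the new session so the selected index is set before signing.
function reproduceWithWorkaround() {
  const session1 = new VulnerableLedgerKeyring();
  const target = session1.addAccount(2);
  const session2 = new VulnerableLedgerKeyring();
  session2.deserialize(session1.serialize());
  session2.removeAccount(target);
  session2.addAccount(2);
  return session2.signPersonalMessage(target, "hello").signer === target;
}

// Returns true if the caller-side check rejected a signature from the wrong account.
function checkCatchesMismatch(KeyringClass) {
  const session1 = new KeyringClass();
  const target = session1.addAccount(2);
  const session2 = new KeyringClass();
  session2.deserialize(session1.serialize());
  try {
    signChecked(session2, target, "hello");
    return false;
  } catch (e) {
    return /signer mismatch/.test(e.message);
  }
}
```

Run with node: reproduce(VulnerableLedgerKeyring) reports the index 0 address as signer for a request on index 2, reproduce(FixedLedgerKeyring) reports the requested address, and reproduceWithWorkaround() shows why removing and re-adding the account is enough on the unfixed version. The signer comparison in signChecked is the integration-side control: done against the address recovered from the returned signature, it catches this class of bug whichever keyring produced the signature.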

Weakness Enumeration

Improper Authentication

Related Identifiers

GHSA-vg44-fw64-cpjx

Affected Products

@metamask/eth-ledger-bridge-keyring
eth-ledger-bridge-keyring