Vulnerability	Vulnerable Version
M Missing Support for Integrity Check aries-cloudagent is a Hyperledger Aries Cloud Agent Python (ACA-Py) is a foundation for building decentralized identity applications and services running in non-mobile environments. Affected versions of this package are vulnerable to Missing Support for Integrity Check that allows unauthenticated DIDComm messages to be received from connections in the invitation state, over the `basic_message` or `handshake_reuse` protocols. How to fix Missing Support for Integrity Check? Upgrade `aries-cloudagent` to version 0.11.2 or higher.	[,0.11.2)
C Improper Authentication aries-cloudagent is a Hyperledger Aries Cloud Agent Python (ACA-Py) is a foundation for building decentralized identity applications and services running in non-mobile environments. Affected versions of this package are vulnerable to Improper Authentication due to faulty verification of the `document.proof` during the presentation process. An attacker can manipulate the presentation of credentials to appear as verified despite the presence of errors or mismatches in the challenge, potentially leading to unauthorized access or actions. How to fix Improper Authentication? Upgrade `aries-cloudagent` to version 0.10.5, 0.11.0 or higher.	[,0.10.5)[0.11.0rc1,0.11.0)

Missing Support for Integrity Check

aries-cloudagent is a Hyperledger Aries Cloud Agent Python (ACA-Py) is a foundation for building decentralized identity applications and services running in non-mobile environments.

Affected versions of this package are vulnerable to Missing Support for Integrity Check that allows unauthenticated DIDComm messages to be received from connections in the invitation state, over the basic_message or handshake_reuse protocols.

How to fix Missing Support for Integrity Check?

Upgrade aries-cloudagent to version 0.11.2 or higher.

[,0.11.2)

Improper Authentication

aries-cloudagent is a Hyperledger Aries Cloud Agent Python (ACA-Py) is a foundation for building decentralized identity applications and services running in non-mobile environments.

Affected versions of this package are vulnerable to Improper Authentication due to faulty verification of the document.proof during the presentation process. An attacker can manipulate the presentation of credentials to appear as verified despite the presence of errors or mismatches in the challenge, potentially leading to unauthorized access or actions.

How to fix Improper Authentication?

Upgrade aries-cloudagent to version 0.10.5, 0.11.0 or higher.

[,0.10.5)[0.11.0rc1,0.11.0)

Go back to all versions of this package