-
**Description:**
The current implementation of JWT signing in `pages/api/admin-check-login-code.ts` relies on the default signing algorithm, which is HS256. While HS256 is secure and appropriate for …
-
#### **Issue Description**
The current implementation in the pages/api/_services.ts file relies heavily on environment variables to manage sensitive credentials such as API keys, JWT secrets, and dat…
-
These vulnerabilities are based off the questions asked here: https://www.votingvillage.org/siv
### Can you break the SIV system?
**Vulnerabilities:**
- **Package:** node-forge
**Descriptio…
-
## No Log-In Needed
- [x] 1. Go to siv.org, HeaderBar —> `Create Election`
2. Next Page: _https://siv.org/admin_ page w/ field `Election Title`:
- underneath have a warning sign "This is …
-
RFC 5297 specifies AES-SIV-CMAC as being able to accept any nonce size >= 1. However, the implementation here only supports 16-byte nonces. Would it be possible to support the other nonce sizes? I gue…
-
**Description:**
The JWT tokens in `pages/api/admin-check-login-code.ts` are currently set with an expiration date far in the future (`2038`). This could lead to significant security risks if tokens …
-
I also can't find aes-gcm-siv implementations in other popular Python projects like [tink](https://github.com/google/tink) and [cryptography](https://github.com/pyca/cryptography), only a sample [scri…
-
Hi.
Thanks for your wonderful paper.
This paper aims to improve the SIVI, in the SIVI experiments, it can construct a SIVI-VAE. But in SIVI-SM, which does not provide the experiments about VAE with …
-
According to [@agl__](https://twitter.com/agl__/status/1118669601129189376), this would reduce the impact of nonce-reuse (referenced in https://github.com/dotnet/corefx/issues/7023#issuecomment-199605…
-
Reported by Drew Springall (@aaspring) yesterday at DEF CON (~24 hours before submissions close):
### 2nd Device Malware Verification Check can be defeated by rerouting the QR code to another malic…