CVE-2024-1631: 
JavaScript vulnerability analysis and mitigation

A critical vulnerability was discovered in the Ed25519KeyIdentity.generate function of the @dfinity/identity and @dfinity/auth-client packages (versions >= v0.20.0-beta.0, < 1.0.1). The vulnerability was disclosed on February 20, 2024, and affects the key pair generation functionality when no seed value is provided (DFINITY Advisory).

The vulnerability occurs in the Ed25519KeyIdentity.generate function, which is designed to generate an ed25519 key pair. When no seed value is provided, the function should generate a secure random seed for the secret key. However, a recent change compromised this functionality, causing the function to use an insecure seed for key pair generation. The vulnerability has been assigned a CVSS v3.1 score of 9.1 (Critical) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N (DFINITY Advisory).

The impact of this vulnerability is severe as it compromises the security of generated identities. Specifically, the private key of the identity with principal 535yc-uxytb-gfk7h-tny7p-vjkoe-i4krp-3qmcl-uqfgr-cpgej-yqtjq-rqe is compromised. This could lead to loss of funds associated with the principal on ledgers or loss of access to canisters where this principal is the controller (DFINITY Advisory).

A patch has been released in version 1.0.1 of the affected packages. For users unable to upgrade immediately, two temporary workarounds are available: 1) Invoke the function as Ed25519KeyIdentity.generate(null) to force secure random seed generation, or 2) Pass a securely generated randomness as a seed to Ed25519KeyIdentity.generate. Users should also check their canisters for the compromised principal and remove it if found, and transfer any funds from affected wallets to new accounts (DFINITY Advisory, NPM Package).