How severe is CVE-2024-1631?

This vulnerability has a severity rating of CRITICAL with a CVSS score of 9.1 out of 10.

What type of vulnerability is CVE-2024-1631?

This is classified as CWE-321, which is a common weakness in software security.

CVE-2024-1631

CRITICAL Year: 2024

CVSS v3 Score

9.1

Critical

Weakness Type

CWE-321

View all →

Vulnerability Description

Impact: The library offers a function to generate an ed25519 key pair via Ed25519KeyIdentity.generate with an optional param to provide a 32 byte seed value, which will then be used as the secret key. When no seed value is provided, it is expected that the library generates the secret key using secure randomness. However, a recent change broke this guarantee and uses an insecure seed for key pair generation. Since the private key of this identity (535yc-uxytb-gfk7h-tny7p-vjkoe-i4krp-3qmcl-uqfgr-cpgej-yqtjq-rqe) is compromised, one could lose funds associated with the principal on ledgers or lose access to a canister where this principal is the controller.

CVE-2019-19753

CRITICAL

CVSS:9.1(Critical)

SimpleMiningOS through v1259 ships with SSH host keys baked into the installation image, which allows man-in-the-middle attacks and makes identification of all public IPv4 nodes trivial with Shodan.io...

CWE-3212019

CVE-2019-7594

CRITICAL

CVSS:9.1(Critical)

Metasys® ADS/ADX servers and NAE/NIE/NCE engines prior to 9.0 make use of a hardcoded RC2 key for certain encryption operations involving the Site Management Portal (SMP).

CWE-3212019

CVE-2022-29830

CRITICAL

CVSS:9.1(Critical)

Use of Hard-coded Cryptographic Key vulnerability in Mitsubishi Electric GX Works3 versions from 1.000A to 1.095Z and Motion Control Setting(GX Works3 related software) versions from 1.000A and later ...

CWE-3212022

CVE-2025-30095

CRITICAL

CVSS:9.0(Critical)

VyOS 1.3 through 1.5 (fixed in 1.4.2) or any Debian-based system using dropbear in combination with live-build has the same Dropbear private host keys across different installations. Thus, an attacker...

CWE-3212025

CVE-2020-7846

HIGH

CVSS:8.8(High)

Helpcom before v10.0 contains a file download and execution vulnerability caused by storing hardcoded cryptographic key. It finally leads to a file download and execution via access to crafted web pag...

CWE-3212020

CVE-2021-27392

HIGH

CVSS:8.8(High)

A vulnerability has been identified in Siveillance Video Open Network Bridge (2020 R3), Siveillance Video Open Network Bridge (2020 R2), Siveillance Video Open Network Bridge (2020 R1), Siveillance Vi...

CWE-3212021

CVE-2024-1631

Vulnerability Description

Related Vulnerabilities

CVE-2019-19753

CVE-2019-7594

CVE-2022-29830

CVE-2025-30095

CVE-2020-7846

CVE-2021-27392