CVE-2024-1631

9.1 CRITICAL

📋 TL;DR

A flaw in the @dfinity/identity library lets attackers recover Ed25519 key pairs that were generated without a seed value: in that case the library draws the key from predictable, non-cryptographic randomness instead of a secure source. It affects applications that call Ed25519KeyIdentity.generate() without a seed parameter and can lead to loss of funds or loss of access to canisters on the Internet Computer blockchain.

💻 Affected Systems

Products:
  • @dfinity/identity
Versions: before 1.0.1
Operating Systems: all
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects usage of Ed25519KeyIdentity.generate() without providing a secure 32-byte seed parameter.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete compromise of blockchain identities, loss of all funds associated with vulnerable principals, and permanent loss of control over canisters where vulnerable principals are controllers.

🟠 Likely Case

Attackers generate predictable private keys to steal funds from vulnerable blockchain accounts or take control of canisters.

🟢 If Mitigated

No impact if using secure seed values or patched versions, or if the vulnerable function isn't used.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

The vulnerability is in the library itself - attackers can generate the same predictable keys as legitimate users.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 1.0.1

Vendor Advisory: https://github.com/dfinity/agent-js/security/advisories/GHSA-c9vv-fhgv-cjc3

Restart Required: No

Instructions:

1. Update @dfinity/identity to version 1.0.1 or later.
2. Run 'npm update @dfinity/identity' or 'yarn upgrade @dfinity/identity'.
3. Rebuild and redeploy affected applications.

🔧 Temporary Workarounds

Provide a secure seed parameter (all platforms)

Always provide a cryptographically secure 32-byte seed when calling Ed25519KeyIdentity.generate().

🧯 If You Can't Patch

  • Immediately rotate all keys generated with vulnerable versions and move funds to new secure identities
  • Stop using Ed25519KeyIdentity.generate() without secure seed parameters in all applications

🔍 How to Verify

Check if Vulnerable:

Check package.json for an @dfinity/identity version below 1.0.1 and review code for calls to Ed25519KeyIdentity.generate() without a seed parameter.

Check Version:

npm list @dfinity/identity or check package.json

Verify Fix Applied:

Confirm @dfinity/identity version is 1.0.1 or higher in package.json and package-lock.json/yarn.lock
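
As an added verification helper (not code from the advisory or from the agent-js project), the following script performs both checks above: it compares the declared @dfinity/identity version against the fixed release 1.0.1 and flags calls to Ed25519KeyIdentity.generate() that pass no seed. It assumes the caller supplies the package.json text and source file contents; the sample project at the bottom is constructed.

```javascript
// Added audit helper (not the advisory's or agent-js's own code); sample
// inputs at the bottom are constructed so the file runs stand-alone.
function parseVersion(spec) {
  // "1.0.1", "^0.20.2", "~1.0.0" -> [major, minor, patch] (range lower bound)
  const m = /(\d+)\.(\d+)\.(\d+)/.exec(spec);
  return m ? [Number(m[1]), Number(m[2]), Number(m[3])] : null;
}
// True when the spec's lowest version is below the fixed release 1.0.1;
// an unparseable spec (git URL, tag) is reported as vulnerable for review.
function isVulnerableVersion(spec) {
  const v = parseVersion(spec);
  if (!v) return true;
  const fixed = [1, 0, 1];
  for (let i = 0; i < 3; i++) {
    if (v[i] !== fixed[i]) return v[i] < fixed[i];
  }
  return false;
}
// 1-based line numbers of bare Ed25519KeyIdentity.generate() calls; generate(seed) is not flagged.
function findUnseededGenerateCalls(source) {
  const bare = /Ed25519KeyIdentity\s*\.\s*generate\s*\(\s*\)/;
  return source.split('\n')
    .map((line, i) => (bare.test(line) ? i + 1 : 0))
    .filter((n) => n > 0);
}
// Exposed only if a vulnerable version is declared AND an unseeded call exists.
function auditProject(packageJsonText, sourceFiles) {
  const pkg = JSON.parse(packageJsonText);
  const deps = { ...(pkg.dependencies || {}), ...(pkg.devDependencies || {}) };
  const spec = deps['@dfinity/identity'];
  const unseededCalls = {};
  for (const [name, src] of Object.entries(sourceFiles)) {
    const hits = findUnseededGenerateCalls(src);
    if (hits.length > 0) unseededCalls[name] = hits;
  }
  const vulnerableVersion = spec !== undefined && isVulnerableVersion(spec);
  const exposed = vulnerableVersion && Object.keys(unseededCalls).length > 0;
  return { spec, vulnerableVersion, unseededCalls, exposed };
}
// Constructed sample project: old version plus one unseeded call on line 2.
const SAMPLE_PACKAGE_JSON = JSON.stringify({ dependencies: { '@dfinity/identity': '^0.20.2' } });
const SAMPLE_SOURCES = {
  'src/login.ts': [
    "import { Ed25519KeyIdentity } from '@dfinity/identity';",
    'const id = Ed25519KeyIdentity.generate();          // unseeded: flagged',
    'const seed = crypto.getRandomValues(new Uint8Array(32));',
    'const safe = Ed25519KeyIdentity.generate(seed);    // seeded: not flagged',
  ].join('\n'),
};
```

For a range spec the lower bound is compared, so confirm the resolved version in package-lock.json or yarn.lock as well.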

📡 Detection & Monitoring

Log Indicators:

  • Failed authentication attempts with predictable keys
  • Unexpected principal/identity changes

Network Indicators:

  • Unusual blockchain transactions from vulnerable principals

SIEM Query:

Search for application logs containing 'Ed25519KeyIdentity.generate' calls without seed parameters
