Improper Authentication Affecting eth-ledger-bridge-keyring package, versions <0.2.1
- Snyk ID SNYK-JS-ETHLEDGERBRIDGEKEYRING-561121
- published 25 Mar 2020
- disclosed 25 Mar 2020
- credit Unknown
How to fix?
Upgrade eth-ledger-bridge-keyring to version 0.2.1 or higher.
Overview
eth-ledger-bridge-keyring is an implementation of MetaMask's Keyring interface that uses a Ledger hardware wallet for all cryptographic operations.
Note: This package has been deprecated and replaced by @metamask/eth-ledger-bridge-keyring.
Affected versions of this package are vulnerable to Improper Authentication. It affects users who are using this library to sign with a BIP44
account other than the first account. If a user is signing with the first account (i.e. the account at index 0), or with the legacy MEW/MyCrypto
HD path, they are not affected.