CVE-2019-16992
HIGHKeybase 2.13.2 - Improper Verification of Cryptographic Signature
Title source: llmDescription
The Keybase app 2.13.2 for iOS provides potentially insufficient notice that it is employing a user's private key to sign a certain cryptocurrency attestation (that an address at keybase.io can be used for Stellar payments to the user), which might be incompatible with a user's personal position on the semantics of an attestation.
References (2)
Core 2
Core References
Third Party Advisory x_refsource_misc
https://sneak.berlin/20190929/keybase-backdoor/
Third Party Advisory x_refsource_misc
https://github.com/keybase/keybase-issues/issues/3583
Scores
CVSS v3
7.5
EPSS
0.0094
EPSS Percentile
56.1%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-347
Status
published
Products (1)
keybase/keybase
2.13.2
Published
Sep 30, 2019
Tracked Since
Feb 18, 2026