View Issue Details
| ID | Project | Category | View Status | Date Submitted | Last Update |
|---|---|---|---|---|---|
| 0011445 | Taler | libeufin-bank | public | 2026-05-26 13:04 | 2026-05-28 18:41 |
| Reporter | Florian Dold | Assigned To | Antoine A | ||
| Priority | normal | Severity | minor | Reproducibility | have not tried |
| Status | assigned | Resolution | open | ||
| Target Version | 1.7 | ||||
| Summary | 0011445: prepared wire transfer API does not use the standard signature header and does not sign over full request | ||||
| Description | For all signatures in Taler, we use a standard header with a signature purpose and payload length field. Additionally, the signature on /registration does not sign over fields like the amount, recurrent, etc. Thus the same signature can easily be used to replay requests with different parameters, which defeats the purpose of having a signature in the first place. | ||||
| Tags | No tags attached. | ||||
| Date Modified | Username | Field | Change |
|---|---|---|---|
| 2026-05-26 13:04 | Florian Dold | New Issue | |
| 2026-05-26 13:04 | Florian Dold | Status | new => assigned |
| 2026-05-26 13:04 | Florian Dold | Assigned To | => Antoine A |
| 2026-05-28 18:41 | Antoine A | Target Version | 1.6 => 1.7 |
| 2026-05-28 18:41 | Antoine A | Relationship added | related to 0011354 |
| 2026-05-28 18:41 | Antoine A | Note Added: 0028722 |
