View Issue Details

ID: 0011445
Project: Taler
Category: libeufin-bank
View Status: public
Last Update: 2026-07-03 11:20
Reporter: Florian Dold
Assigned To: Antoine A
Priority: normal
Severity: minor
Reproducibility: have not tried
Status: resolved
Resolution: fixed
Target Version: 1.6
Fixed in Version: 1.6
Summary: 0011445: prepared wire transfer API does not use the standard signature header and does not sign over full request
Description: For all signatures in Taler, we use a standard header with a signature purpose and payload length field.

Additionally, the signature on /registration does not sign over fields like the amount, recurrent, etc.

Thus the same signature can easily be used to replay requests with different parameters, which defeats the purpose of having a signature in the first place.
Tags: No tags attached.
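
The replay problem described in this issue, as an added example that is not part of the report or of the libeufin code: a signature that covers one field still verifies after the amount and recurrent fields change, while one over a purpose-and-length header plus a hash of the whole request does not. Assumptions: HMAC-SHA512 stands in for the real public-key signature so the block runs on the standard library, the purpose number is a placeholder, the `account_pub` field name and all sample values are constructed, and hashing canonical JSON is just one way to bind every field, not necessarily the encoding the fix uses.

```python
import hashlib
import hmac
import json
import struct

KEY = b"constructed-demo-key"   # constructed; HMAC key stands in for a signing key
PURPOSE_REGISTRATION = 0xFFFF   # placeholder, not a real purpose number


def sign_partial(req):
    """Weak form: no purpose header, covers only one field of the request."""
    return hmac.new(KEY, req["account_pub"].encode(), hashlib.sha512).digest()


def purpose_blob(req, purpose=PURPOSE_REGISTRATION):
    """Header (total size, purpose; 32-bit big-endian) then a hash of every field."""
    canon = json.dumps(req, sort_keys=True, separators=(",", ":")).encode()
    payload = hashlib.sha512(canon).digest()
    # In this sketch the size field counts the 8-byte header plus the payload.
    return struct.pack(">II", 8 + len(payload), purpose) + payload


def sign_full(req, purpose=PURPOSE_REGISTRATION):
    """Hardened form: the signed bytes bind purpose, length and the full request."""
    return hmac.new(KEY, purpose_blob(req, purpose), hashlib.sha512).digest()


def replay_accepted(sign, original, modified):
    """True if a signature issued for `original` also verifies for `modified`."""
    return hmac.compare_digest(sign(original), sign(modified))


# Constructed sample requests: same key, different amount and recurrent flag.
ORIGINAL = {"account_pub": "CONSTRUCTED-PUB", "amount": "KUDOS:5", "recurrent": False}
MODIFIED = dict(ORIGINAL, amount="KUDOS:500", recurrent=True)

if __name__ == "__main__":
    print("partial signature replayable:", replay_accepted(sign_partial, ORIGINAL, MODIFIED))
    print("full signature replayable:   ", replay_accepted(sign_full, ORIGINAL, MODIFIED))
```

The purpose field also keeps a signature made for one message type from verifying as another, which is why the same request signed under two purpose numbers yields different signatures.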

Relationships

related to 0011354 assigned Antoine A libeufin rewrite in Rust [1w]

Activities

Antoine A

2026-05-28 18:41

developer   ~0028722

I would prefer to wait for the rust rewrite to be finished first

Antoine A

2026-07-03 10:10

developer   ~0029068

Fixed in 5b3c695a08f029befabd8f8eca3ce7a319428765

Issue History

Date Modified Username Field Change
2026-05-26 13:04 Florian Dold New Issue
2026-05-26 13:04 Florian Dold Status new => assigned
2026-05-26 13:04 Florian Dold Assigned To => Antoine A
2026-05-28 18:41 Antoine A Target Version 1.6 => 1.7
2026-05-28 18:41 Antoine A Relationship added related to 0011354
2026-05-28 18:41 Antoine A Note Added: 0028722
2026-07-03 10:10 Antoine A Status assigned => resolved
2026-07-03 10:10 Antoine A Resolution open => fixed
2026-07-03 10:10 Antoine A Note Added: 0029068
2026-07-03 11:20 Christian Grothoff Fixed in Version => 1.6
2026-07-03 11:20 Christian Grothoff Target Version 1.7 => 1.6