CVE-2024-1631 Overview
CVE-2024-1631 is an Insecure Random Number Generation vulnerability affecting the DFINITY Agent.js library's Ed25519KeyIdentity.generate function. The library offers a function to generate an ed25519 key pair via Ed25519KeyIdentity.generate with an optional parameter to provide a 32-byte seed value, which is then used as the secret key. When no seed value is provided, the library is expected to generate the secret key using secure randomness. However, a code change broke this guarantee and introduced an insecure seed for key pair generation, resulting in predictable cryptographic keys.
Critical Impact
The private key generated by the vulnerable library version is compromised, allowing attackers to steal funds from associated ledger principals or gain unauthorized control of canisters where the compromised principal is set as controller.
Affected Products
- DFINITY icp-js-core
- @dfinity/identity NPM package (affected versions)
- Applications using Agent.js for Internet Computer identity management
Discovery Timeline
- 2024-02-21 - CVE-2024-1631 published to NVD
- 2025-12-10 - Last updated in NVD database
Technical Details for CVE-2024-1631
Vulnerability Analysis
This vulnerability represents a critical cryptographic failure in the DFINITY Agent.js library used for interacting with the Internet Computer blockchain. The Ed25519KeyIdentity.generate function is designed to create cryptographically secure ed25519 key pairs for identity management. When developers call this function without providing an explicit seed, the library should generate a cryptographically secure random 32-byte seed internally.
However, a regression introduced an insecure seed generation mechanism. Instead of using a cryptographically secure random number generator (CSPRNG), the vulnerable code produces a predictable seed value. This results in the generation of a known, compromised private key corresponding to the principal 535yc-uxytb-gfk7h-tny7p-vjkoe-i4krp-3qmcl-uqfgr-cpgej-yqtjq-rqe.
Any application that used the vulnerable version to generate new identities without explicitly providing a secure seed has created compromised identities. Attackers with knowledge of this vulnerability can derive the private key and impersonate these identities.
Root Cause
The root cause is classified under CWE-330 (Use of Insufficiently Random Values) and CWE-321 (Use of Hard-coded Cryptographic Key). A code change inadvertently replaced the secure random number generation logic with a mechanism that produces a static or predictable seed value. This violates the fundamental security requirement that cryptographic key material must be derived from high-entropy, unpredictable sources.
Attack Vector
The attack vector is network-based and requires no privileges or user interaction. An attacker can exploit this vulnerability by:
- Identifying applications or users that generated identities using the vulnerable library version
- Using the known compromised private key to sign transactions or perform authenticated actions
- Accessing funds stored in ledger accounts associated with the compromised principal
- Taking control of canisters where the compromised principal is designated as a controller
The vulnerability is particularly dangerous because it affects key generation at the foundational level—once keys are generated insecurely, all subsequent security measures built upon those keys are compromised.
Since this is a cryptographic vulnerability in key generation, the exploitation mechanism involves deriving the known compromised private key and using it to authenticate as any identity that was generated with the vulnerable library. For detailed technical analysis, refer to the GitHub Security Advisory GHSA-c9vv-fhgv-cjc3.
Detection Methods for CVE-2024-1631
Indicators of Compromise
- Presence of the compromised principal identifier 535yc-uxytb-gfk7h-tny7p-vjkoe-i4krp-3qmcl-uqfgr-cpgej-yqtjq-rqe in application identity stores or canister controller lists
- Unauthorized transactions or asset transfers from ledger accounts associated with identities generated during the vulnerable period
- Unexpected canister configuration changes or unauthorized method calls from the compromised principal
Detection Strategies
- Audit all identities generated using @dfinity/identity to identify any matching the known compromised principal
- Review application dependencies and package-lock.json files for vulnerable versions of the @dfinity/identity package
- Monitor canister controller lists and ledger transactions for activity from the compromised principal
Monitoring Recommendations
- Implement continuous monitoring of canister controller modifications and ledger transactions for the known compromised principal
- Set up alerts for any authentication attempts using the compromised identity within your Internet Computer applications
- Conduct periodic audits of cryptographic key generation processes and dependency versions
How to Mitigate CVE-2024-1631
Immediate Actions Required
- Update the @dfinity/identity package to version 1.0.1 or later immediately
- Audit all identities that were generated using the vulnerable library version and regenerate them using the patched version
- Transfer any funds from ledger accounts associated with compromised identities to newly generated secure identities
- Update canister controller configurations to replace any compromised principals with newly generated secure identities
Patch Information
DFINITY has addressed this vulnerability in the Agent.js library. The fix is available in @dfinity/identity version 1.0.1 and later. The patch restores proper cryptographically secure random number generation when Ed25519KeyIdentity.generate is called without an explicit seed parameter. Users should update their dependencies by installing the latest version from NPM. For technical details on the fix, see GitHub Pull Request #851.
Workarounds
- If immediate patching is not possible, explicitly provide a cryptographically secure 32-byte seed when calling Ed25519KeyIdentity.generate using Node.js crypto.randomBytes(32) or equivalent
- Avoid generating new identities with the vulnerable version until the package can be updated
- Consider implementing identity generation in a separate, isolated service using a patched library version
# Update @dfinity/identity to the patched version
npm update @dfinity/identity
# Verify the installed version is 1.0.1 or later
npm list @dfinity/identity
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.
