An attacker can forge a credential if the DID document somewhere contains a leaked update key and the registry can be spoofed to the verifier.
The preconditions for a successful attack are:
- The verifier allow list contains a DID that has a leaked key in some of the previous logs (doesn't have to be valid anymore)
- The attacker has an option to spoof the registry for a verifier (e.g., by DNS hijacking)
An attacker can forge a credential if the DID document somewhere contains a leaked update key and the registry can be spoofed to the verifier.
The preconditions for a successful attack are: