Tag
The bsv-sdk and bsv-wallet packages are vulnerable to credential forgery because the `acquire_certificate` function persists certificate records to storage without verifying the certifier's signature, allowing attackers to forge identity certificates.