-
Under "a note on security" you say:
> This package is in no way as secure as a password and will never be. Although it's harder to fool than normal face recognition, a person who looks similar to …
-
`hs.execute` is vulnerable to shell injection attacks due to the lack of input escaping.
The most problematic line is
```
f = io.popen(os.getenv("SHELL")..[[ -l -i -c "]]..command..[["]], 'r')
```
…
-
Side-channel attacks are a category of security threats that exploit information unintentionally leaked through computing systems' physical operation. Unlike direct attacks focusing on software or net…
-
We got some reports in the past that it is possible to run a "clickjacking" attack against giveth.io
(essentially people could embed the whole site in an iframe and display it on their site, changi…
-
### Description
[CWE-307: Improper Restriction of Excessive Authentication Attempts](https://cwe.mitre.org/data/definitions/307.html)
An attacker can easily utilize `Plogin` to ***Brute Force*** a v…
-
This issue refers to the security review requested in this issue https://github.com/w3c/security-request/issues/71
Structuring the Security Considerations section along the lines of [RFC 3552](http…
-
Is RKA security something we may want to include in the security properties?
Relevant paper: https://eprint.iacr.org/2022/140
-
[ Began writing up some notes on this ~ Dec 3, 2021: ]
Can we allow voters to submit their votes, and have strong cryptographic confirmation that it was received, without ever revealing the links b…