-
Hi, I don't know where to put this obvious suggestion, but it seems like this issue gets created multiple times and then summarily closed off.
Rather than ask for an ETA on a fix (the author has made…
-
We currently emit curl-sh exprs of the form:
```
curl --proto '=https' --tlsv1.2 -LsSf https://github.com/axodotdev/cargo-dist/releases/download/v0.3.0/cargo-dist-installer.sh | sh
```
This wa…
-
Now that we can capture NetNTLM hashes (#367), someone from pentest told me that we should test downgrading to NetNTLMv1. This version is easier to crack and you can even rainbowtable it. Some tests w…
-
Signatures on an image are in themselves not enough to verify that an image is proper. Signatures do not defend against downgrade attacks.
However, embedding a "parent pointer", like in a git commit, and…
-
Hello
Is it possible to use SSLproxy in the following scenario:
- Client sends a TLS 1.3 ClientHello
- SSLproxy transparently intercepts the request, downgrades to TLS 1.2 and forwards it to the …
-
# Lines of code
https://github.com/code-423n4/2024-04-panoptic/blob/833312ebd600665b577fbd9c03ffa0daf250ed24/contracts/CollateralTracker.sol#L532-L568
# Vulnerability details
## Proof of Concept
…
-
## Expected Behavior
Uchiwa supports HTTP Strict Transport Security (HSTS) as a mechanism for protecting against protocol downgrade attacks and cookie hijacking.
## Current Behavior
Uchiwa do…
-
# Lines of code
https://github.com/code-423n4/2024-05-bakerfi/blob/main/contracts/core/Vault.sol#L153-L158
# Vulnerability details
## Description
The [Vault::rebalance()](https://github.com/code-4…
-
Using GPG signed APT repositories leaves a repository and its users open to several serious attacks that are not prevented with the `Valid-Until` header (replay attacks, freeze attacks, downgrade atta…
-
It seems it's fully optional right now:
https://github.com/node-oauth/node-oauth2-server/blob/c993eb5a700f81fe204283b3428e0742015f9b8d/lib/grant-types/authorization-code-grant-type.js#L122-L144
…