-
LZ_security
High
# A malicious user can create multiple `rebate_manager` in advance
## Summary
A malicious user can create `rebate_manager` in advance, steal funds from the protocol, or prevent `r…
-
I would like to have a dependency (only once after loading the pdf document) between the security and cash account e.g. for the pdf import dialog. An auto selection would save time/clicks when the cas…
-
## Description:
As a user, I want to be able to open a new saving account through a user-friendly interface so that I can quickly set up and manage my finances.
Acceptance Criteria:
Form Desig…
-
A while back we explored having the Windows client run apps under an unprivileged account.
I believe we found that this prevented the apps from using GPUs,
and we made it into an install option ("pr…
-
As mentioned [here](https://www.rareskills.io/post/merkle-tree-second-preimage-attack) Merkle trees are susceptible to the second preimage attack when a node can be presented as a leaf. To prevent thi…
-
We (a group of developers) are on our way to propose an API to add device for an existing account.
We propose a two ways authentication to access this API
First request : authenticate via user …
-
**Vulnerability Summary**
Testers discovered a scenario in which the default admin account can reappear even after being deleted--this is especially dangerous since the default admin account has a st…
-
**Vulnerability Summary**
Testers discovered a scenario in which it is possible to reenable the default admin account even if the password is changed.
**Analysis of the Attack**
The tester follow…
-
In Address Book, clicking on gContactSync > New Account gives you the 1st screen where leaving it on existing account & selecting Next simply gives you a screen that says "Sign in with Google temporar…
-
On one of our installations, accounts have the Security menu entry:
And clicking on it gives a 500 error, since the default template is used:
```
Stacktrace (most recent call last):
Fi…
```