Githubuser60 / famed-demo


Famed Retroactive Rewards #25

Closed Githubuser60 closed 1 year ago

Githubuser60 commented 1 year ago

UID: CL-2021-39

Severity: medium

Type: BUG

Affected Clients: Lighthouse

Summary: A validator client uses two API keys: ".secp-sk" (secret key) and "api-token.txt" (the corresponding public key). Both files are stored in a user directory with 644 permission bits. So any user on the host can read them.

Links: https://github.com/sigp/lighthouse/issues/2437

Reported: 2021-07-07

Fixed: 2021-09-13

Published: 2021-12-01

Bounty Hunter: Taurus

Bounty Points: Part of EF initiated Security Audit: https://arxiv.org/abs/2109.11685
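
An added example, not part of the original report and not Lighthouse's own code or its actual fix: a Rust sketch of the issue class described in the summary, creating a secret file as 0600 at open time and auditing or tightening key files that group or other can access. The two file names come from the summary; the directory, the file contents, and the function names `write_secret`, `audit` and `harden` are assumptions made for illustration.

```rust
use std::fs::{self, OpenOptions, Permissions};
use std::io::{self, Write};
use std::os::unix::fs::{OpenOptionsExt, PermissionsExt};
use std::path::Path;

// File names taken from the summary above; the directory used is a constructed sample.
pub const KEY_FILES: [&str; 2] = [".secp-sk", "api-token.txt"];

/// Create a secret file as 0600. The mode is passed to open() itself, so the file is
/// never world-readable, and create_new refuses to reuse an existing (possibly 0644) file.
pub fn write_secret(path: &Path, secret: &[u8]) -> io::Result<()> {
    let mut f = OpenOptions::new().write(true).create_new(true).mode(0o600).open(path)?;
    f.write_all(secret)
}

/// Return (name, mode) for each key file in `dir` that group or other can access.
pub fn audit(dir: &Path) -> io::Result<Vec<(String, u32)>> {
    let mut findings = Vec::new();
    for name in KEY_FILES {
        match fs::metadata(dir.join(name)) {
            Ok(m) if m.permissions().mode() & 0o077 != 0 => {
                findings.push((name.to_string(), m.permissions().mode() & 0o777));
            }
            Ok(_) => {}
            Err(e) if e.kind() == io::ErrorKind::NotFound => {}
            Err(e) => return Err(e),
        }
    }
    Ok(findings)
}

/// Tighten every flagged file to owner-only (0600) and return how many were changed.
pub fn harden(dir: &Path) -> io::Result<usize> {
    let findings = audit(dir)?;
    for (name, _) in &findings {
        fs::set_permissions(dir.join(name), Permissions::from_mode(0o600))?;
    }
    Ok(findings.len())
}

fn main() -> io::Result<()> {
    let dir = std::env::temp_dir().join(format!("vc-perm-demo-{}", std::process::id()));
    fs::create_dir_all(&dir)?;
    fs::write(dir.join("api-token.txt"), b"constructed-token")?; // the weak pattern
    fs::set_permissions(dir.join("api-token.txt"), Permissions::from_mode(0o644))?;
    write_secret(&dir.join(".secp-sk"), b"constructed-secret")?; // the hardened pattern
    println!("before: {:?}", audit(&dir)?);
    println!("fixed {} file(s), after: {:?}", harden(&dir)?, audit(&dir)?);
    fs::remove_dir_all(&dir)
}
```

The audit looks only at the mode bits of the two files; it does not evaluate ACLs or the permissions of the parent directory.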

get-famed[bot] commented 1 year ago

🤖 Assignees for issue Famed Retroactive Rewards #25 are now eligible to Get Famed.

✅ Add assignees to track contribution times of the issue 🦸‍♀️🦹

✅ Add a single severity (CVSS) label to compute the score 🏷️

Happy hacking! 🦾💙❤️

get-famed[bot] commented 1 year ago
@Githubuser60 - you Got Famed! 💎 Check out your new score here: https://leaderboard.morphysm.com/teams/Githubuser60/famed-demo

| Contributor | Time | Reward |
| --- | --- | --- |
| Githubuser60 | 1632h0m0s | 2444 POINTS |