136 matches found

Prion
added 2019/09/30 12:15 a.m. | 9 views

Design/Logic Flaw

The Keybase app 2.13.2 for iOS provides potentially insufficient notice that it is employing a user's private key to sign a certain cryptocurrency attestation that an address at keybase.io can be used for Stellar payments to the user, which might be incompatible with a user's personal position on...

CVSS 5 | AI score 7.2 | EPSS 0.00148
Exploits 0 | References 2 | Affected Software 1
Cvelist
added 2019/09/29 11:52 p.m. | 14 views

CVE-2019-16992

The Keybase app 2.13.2 for iOS provides potentially insufficient notice that it is employing a user's private key to sign a certain cryptocurrency attestation that an address at keybase.io can be used for Stellar payments to the user, which might be incompatible with a user's personal position on...

AI score 7.3 | EPSS 0.00148
Exploits 0 | References 2
CVE
added 2019/09/29 11:52 p.m. | 79 views

CVE-2019-16992

CVE-2019-16992 affects the Keybase iOS app (v2.13.2), where the implementation could sign a cryptocurrency attestation (that an address at keybase.io can be used for Stellar payments) using the user’s private key without clear user notice. The issue is described as a misuse/insufficient notice ab...

CVSS 7.5 | AI score 7.2 | EPSS 0.00148
Exploits 0 | References 2 | Affected Software 1
CNVD
added 2019/09/29 12:0 a.m. | 3 views

Keybase has an unspecified vulnerability

Keybase is a social networking platform that supports end-to-end encryption based on PGP technology. An unspecified vulnerability exists in the iOS-based Keybase version 2.13.2, which stems from a backdoor in the program that can be exploited by an attacker to sign an authentication using a user'...

CVSS 7.5 | AI score 7.1 | EPSS 0.00148
Exploits 0 | References 1
NVD
added 2019/01/31 9:29 a.m. | 9 views

CVE-2019-7249

In Keybase before 2.12.6 on macOS, the move RPC to the Helper was susceptible to time-to-check-time-to-use bugs and would also allow one user of the system who didn't have root access to tamper with another's installs...

CVSS 9.8 | AI score 9.6 | EPSS 0.01468
Exploits 1 | References 3
Prion
added 2019/01/31 9:29 a.m. | 13 views

Design/Logic Flaw

In Keybase before 2.12.6 on macOS, the move RPC to the Helper was susceptible to time-to-check-time-to-use bugs and would also allow one user of the system who didn't have root access to tamper with another's installs...

CVSS 7.5 | AI score 9.5 | EPSS 0.01468
Exploits 1 | References 3 | Affected Software 1
OSV
added 2019/01/31 9:29 a.m. | 1 views

CVE-2019-7249

In Keybase before 2.12.6 on macOS, the move RPC to the Helper was susceptible to time-to-check-time-to-use bugs and would also allow one user of the system who didn't have root access to tamper with another's installs...

CVSS 9.8 | AI score 7.3
Exploits 0 | References 3
CVE
added 2019/01/31 8:0 a.m. | 48 views

CVE-2019-7249

CVE-2019-7249 affects Keybase on macOS prior to version 2.12.6. The vulnerability arises in the move RPC to the Helper, described as a time-to-check-time-to-use issue that could allow a user without root to tamper with another user's installations. NVD metrics indicate a high/critical impact (CVS...

CVSS 9.8 | AI score 9.4 | EPSS 0.01468
Exploits 1 | References 3 | Affected Software 1
Cvelist
added 2019/01/31 8:0 a.m. | 15 views

CVE-2019-7249

In Keybase before 2.12.6 on macOS, the move RPC to the Helper was susceptible to time-to-check-time-to-use bugs and would also allow one user of the system who didn't have root access to tamper with another's installs...

AI score 9.6 | EPSS 0.01468
Exploits 1 | References 3
Hacker One
added 2019/01/24 4:33 p.m. | 20 views

Keybase: From nobody to somebody

Short description Using a bug any user can change the keybase and git-remote-keybase symlinks in the /usr/locale/bin folder. We can exploit this to run arbitrary code as the user. Steps to reproduce 1. In the example I will use the low privileged nobody account could be any other account and I wi...

AI score 7.6
Exploits 0
Hacker One
added 2019/01/02 10:50 a.m. | 15 views

Keybase: XSS on Desktop Client

Steps to reproduce 1. Create a file named as 'alert1v.SS'.mp4 in the keybase public/private folder. 2. On the desktop client open the file as a preview. 3. An alert box pops up. gif poc: F399836 The Problem The client/shared/fs/filepreview/av-view.desktop.js file contains a template literal with...

AI score 7
Exploits 0
Hacker One
added 2018/12/24 6:2 p.m. | 35 views

Keybase: macOS privilege escalation via keybase install

Environment OS: macOS Mojave 10.14.1 Kernel: Darwin Kernel Version 18.2.0 keybase version 2.12.2-20181218171841+29273f4110 Steps to reproduce Note: All steps are executed as an unprivileged user unless otherwise noted. For this PoC the unprivileged user is defined as below $ id test2 uid=508test2...

AI score 0.8
Exploits 0
0day.today
added 2018/12/24 12:0 a.m. | 342 views

Keybase keybase-redirector - ($PATH) Local Privilege Escalation Exploit

Exploit for linux platform in category local exploits keybase-redirector is a setuid root binary. keybase-redirector calls the fusermount binary using a relative path and the application trusts the value of $PATH. This allows a local, unprivileged user to trick the application to executing a cust...

AI score 7.4 | EPSS 0.00222
Exploits 2
OSV
added 2018/12/20 11:29 p.m. | 1 views

CVE-2018-18629

An issue was discovered in the Keybase command-line client before 2.8.0-20181023124437 for Linux. An untrusted search path vulnerability in the keybase-redirector application allows a local, unprivileged user on Linux to gain root privileges via a Trojan horse binary...

CVSS 7.8 | AI score 5.8 | EPSS 0.00222
Exploits 2 | References 3
Prion
added 2018/12/20 11:29 p.m. | 9 views

Design/Logic Flaw

An issue was discovered in the Keybase command-line client before 2.8.0-20181023124437 for Linux. An untrusted search path vulnerability in the keybase-redirector application allows a local, unprivileged user on Linux to gain root privileges via a Trojan horse binary...

CVSS 7.2 | AI score 7.6 | EPSS 0.00222
Exploits 2 | References 3 | Affected Software 1
NVD
added 2018/12/20 11:29 p.m. | 11 views

CVE-2018-18629

An issue was discovered in the Keybase command-line client before 2.8.0-20181023124437 for Linux. An untrusted search path vulnerability in the keybase-redirector application allows a local, unprivileged user on Linux to gain root privileges via a Trojan horse binary...

CVSS 7.8 | AI score 7.7 | EPSS 0.00222
Exploits 2 | References 3
Cvelist
added 2018/12/20 10:0 p.m. | 13 views

CVE-2018-18629

An issue was discovered in the Keybase command-line client before 2.8.0-20181023124437 for Linux. An untrusted search path vulnerability in the keybase-redirector application allows a local, unprivileged user on Linux to gain root privileges via a Trojan horse binary...

AI score 7.7 | EPSS 0.00222
Exploits 2 | References 3
CVE
added 2018/12/20 10:0 p.m. | 53 views

CVE-2018-18629

CVE-2018-18629 affects the Keybase command-line client for Linux prior to 2.8.0-20181023124437. A local untrusted search path vulnerability in the keybase-redirector (SUID root) lets a local unprivileged user escalate to root via a Trojan horse binary, by abusing a relative path when calling fuse...

CVSS 7.8 | AI score 7.7 | EPSS 0.00222
Exploits 2 | References 3 | Affected Software 1
Hacker One
added 2018/12/20 9:33 p.m. | 35 views

Keybase: Local privilege escalation bug using Keybase redirector on macOS

There's a local privilege escalation bug in the latest version of Keybase for macOS. The issue is in the process of launching keybase-redirector. The process works as follows: 1. Copy keybase-redirector binary to a root-only location 2. Check its signature 3. Launch the binary Code ref. Note the...

AI score 7.2
Exploits 0
ATTACKERKB
added 2018/12/20 12:0 a.m. | 14 views

CVE-2018-18629

An issue was discovered in the Keybase command-line client before 2.8.0-20181023124437 for Linux. An untrusted search path vulnerability in the keybase-redirector application allows a local, unprivileged user on Linux to gain root privileges via a Trojan horse binary. Recent assessments: bulw4rk ...

CVSS 7.8 | AI score 1.3 | EPSS 0.00222
Exploits 2 | References 4