3 matches found
Potential Risk of Privilege Escalation in Azure AD Applications
Summary Microsoft has developed mitigations for an insecure anti-pattern used in Azure AD AAD applications highlighted by Descope, and reported to Microsoft, where use of the email claim from access tokens for authorization can lead to an escalation of privilege. An attacker can falsify the email...
Potential for reentrancy on USDMPegRecovery.sol:withdraw()
Lines of code Vulnerability details Impact Re-entrancy Proof of Concept File: USDMPegRecovery.sol 110: function withdrawLiquidity calldata withdrawal external 111: Liquidity memory total = totalLiquidity; 112: Liquidity memory user = userLiquiditymsg.sender; 113: ifwithdrawal.usdm 0 114:...
IsContract Function Usage
Handle defsec Vulnerability details Impact the isContract function that uses EXTCODESIZE was discovered to be hackable. The function will return false if it is invoked from a contract's constructor because the contract has not been deployed yet. The code should be used very carefully, if at all, ...