Lucene search

5 matches found

Code423n4
added 2022/12/12 12:0 a.m., 8 views

Lack of access control in AllowedMsgSenders contract.

Lines of code. Vulnerability details. Impact: setAllowedMsgSenders lacks access control. This enables anyone to set themselves as an allowed message sender and call the send in tokenSender.sol to transfer out any amount, bypassing all the checks imposed in the hooks. Proof of Concept...

6.7 AI score
Exploits: 0
Huawei
added 2015/09/19 12:0 a.m., 31 views

Security Advisory - MITM Vulnerability in the OpenSSL Module of Huawei eSight Network

During certificate verification, OpenSSL starting from version 1.0.1n and 1.0.2b will attempt to find an alternative certificate chain if the first attempt to build such a chain fails. An error in the implementation of this logic can mean that an attacker could cause certain checks on untrusted...

6.5 CVSS, 6.2 AI score, 0.61798 EPSS
Exploits: 6, Affected Software: 1
Metasploit
added 2015/07/16 5:36 a.m., 38 views

OpenSSL Alternative Chains Certificate Forgery MITM Proxy

This module exploits a logic error in OpenSSL by impersonating the server and sending a specially-crafted chain of certificates, resulting in certain checks on untrusted certificates being bypassed on the client, allowing it to use a valid leaf certificate as a CA certificate to sign a fake...

6.5 CVSS, 0.61798 EPSS
Exploits: 6
Tenable Nessus
added 2015/07/13 12:0 a.m., 49 views

Amazon Linux AMI : openssl (ALAS-2015-564)

During certificate verification, OpenSSL starting from version 1.0.1n and 1.0.2b will attempt to find an alternative certificate chain if the first attempt to build such a chain fails. An error in the implementation of this logic can mean that an attacker could cause certain checks on untrusted...

6.5 CVSS, 6.6 AI score, 0.61798 EPSS
Exploits: 6, References: 3
OpenSSL
added 2015/07/09 12:0 a.m., 33 views

Vulnerability in OpenSSL - Alternative chains certificate forgery

An error in the implementation of the alternative certificate chain logic could allow an attacker to cause certain checks on untrusted certificates to be bypassed, such as the CA flag, enabling them to use a valid leaf certificate to act as a CA and “issue” an invalid certificate. Found by Adam...

6.2 AI score, 0.61798 EPSS
Exploits: 6, Affected Software: 1