141 matches found

OSV
added 2021/11/11 11:15 p.m., 12 views

CVE-2021-34421

The Keybase Client for Android before version 5.8.0 and the Keybase Client for iOS before version 5.8.0 fails to properly remove exploded messages initiated by a user if the receiving user places the chat session in the background while the sending user explodes the messages. This could lead to...

4.3 CVSS, 6 AI score
Exploits 0, References 1

Prion
added 2021/11/11 11:15 p.m., 18 views

Path traversal

The Keybase Client for Windows before version 5.7.0 contains a path traversal vulnerability when checking the name of a file uploaded to a team folder. A malicious user could upload a file to a shared folder with a specially crafted file name which could allow a user to execute an application whi...

6 CVSS, 9.3 AI score, 0.01338 EPSS
Exploits 0, References 1, Affected Software 1

Prion
added 2021/11/11 11:15 p.m., 17 views

Design/Logic Flaw

The Keybase Client for Android before version 5.8.0 and the Keybase Client for iOS before version 5.8.0 fails to properly remove exploded messages initiated by a user if the receiving user places the chat session in the background while the sending user explodes the messages. This could lead to...

4.3 CVSS, 4.1 AI score, 0.0069 EPSS
Exploits 0, References 1, Affected Software 1

CVE
added 2021/11/11 10:58 p.m., 57 views

CVE-2021-34421

The CVE-2021-34421 issue affects the Keybase Client for Android and iOS prior to version 5.8.0. The root cause is a failure to properly remove “exploded” messages when the recipient places the chat session in the background while the sender explodes messages, potentially leading to disclosure of ...

4.3 CVSS, 4 AI score, 0.0069 EPSS
Exploits 0, References 1, Affected Software 1

Cvelist
added 2021/11/11 10:58 p.m., 14 views

CVE-2021-34421 Retained exploded messages in Keybase Clients for Android and iOS

The Keybase Client for Android before version 5.8.0 and the Keybase Client for iOS before version 5.8.0 fails to properly remove exploded messages initiated by a user if the receiving user places the chat session in the background while the sending user explodes the messages. This could lead to...

3.7 CVSS, 4.5 AI score, 0.0069 EPSS
Exploits 0, References 1

Cvelist
added 2021/11/11 10:58 p.m., 19 views

CVE-2021-34422 Path traversal of file names in Keybase Client for Windows

The Keybase Client for Windows before version 5.7.0 contains a path traversal vulnerability when checking the name of a file uploaded to a team folder. A malicious user could upload a file to a shared folder with a specially crafted file name which could allow a user to execute an application whi...

7.2 CVSS, 9.7 AI score, 0.01338 EPSS
Exploits 0, References 1

CVE
added 2021/11/11 10:58 p.m., 55 views

CVE-2021-34422

The CVE-2021-34422 issue affects the Keybase Client for Windows prior to version 5.7.0, where a path traversal vulnerability exists in the file-name check when uploading to a team folder. A crafted filename in a shared/public folder could enable remote code execution on the host. Affected product...

9 CVSS, 8.6 AI score, 0.01338 EPSS
Exploits 0, References 1, Affected Software 1

CNNVD
added 2021/11/11 12:0 a.m., 3 views

Keybase Information Disclosure Vulnerability

Keybase is a social networking platform based on PGP technology that supports end-to-end encryption. An information disclosure vulnerability exists in Keybase Client for Android before version 5.8.0 and Keybase Client for iOS before version 5.8.0, which stems from the client's inability to properl...

4.3 CVSS, 5.6 AI score, 0.0069 EPSS
Exploits 0, References 2

CNNVD
added 2021/11/11 12:0 a.m., 5 views

Keybase Path Traversal Vulnerability

Keybase is a PGP technology-based social networking platform that supports end-to-end encryption. Keybase Client for Windows prior to version 5.7.0 is vulnerable to a path traversal vulnerability that stems from a networked system or product failing to properly filter special elements in a resourc...

9 CVSS, 5.8 AI score, 0.01338 EPSS
Exploits 0, References 2

HackRead
added 2021/02/23 5:16 p.m., 86 views

Deleted Keybase chat images retrievable on Windows, macOS, Linux

By Waqas Keybase is owned by Zoom and currently has almost half a million privacy-focused users. Here's how it kept chat images that were retrievable. This is a post from HackRead.com Read the original post: Deleted Keybase chat images retrievable on Windows, macOS, Linux...

2.8 AI score
Exploits 0

NVD
added 2021/02/23 12:15 a.m., 14 views

CVE-2021-23827

Keybase Desktop Client before 5.6.0 on Windows and macOS, and before 5.6.1 on Linux, allows an attacker to obtain potentially sensitive media such as private pictures in the Cache and uploadtemps directories. It fails to effectively clear cached pictures, even after deletion via normal methodolog...

5.5 CVSS, 0.00296 EPSS
Exploits 1, References 3

OSV
added 2021/02/23 12:15 a.m., 24 views

CVE-2021-23827

Keybase Desktop Client before 5.6.0 on Windows and macOS, and before 5.6.1 on Linux, allows an attacker to obtain potentially sensitive media such as private pictures in the Cache and uploadtemps directories. It fails to effectively clear cached pictures, even after deletion via normal methodolog...

5.5 CVSS, 6.6 AI score, 0.00296 EPSS
Exploits 1, References 3

Prion
added 2021/02/23 12:15 a.m., 14 views

Design/Logic Flaw

Keybase Desktop Client before 5.6.0 on Windows and macOS, and before 5.6.1 on Linux, allows an attacker to obtain potentially sensitive media such as private pictures in the Cache and uploadtemps directories. It fails to effectively clear cached pictures, even after deletion via normal methodolog...

2.1 CVSS, 5.5 AI score, 0.00296 EPSS
Exploits 1, References 3, Affected Software 1

CVE
added 2021/02/22 11:7 p.m., 281 views

CVE-2021-23827

CVE-2021-23827 affects Keybase Desktop Client on Windows/macOS < 5.6.0 and Linux

5.5 CVSS, 5.3 AI score, 0.00296 EPSS
Exploits 1, References 3, Affected Software 1

Cvelist
added 2021/02/22 11:7 p.m., 18 views

CVE-2021-23827

Keybase Desktop Client before 5.6.0 on Windows and macOS, and before 5.6.1 on Linux, allows an attacker to obtain potentially sensitive media such as private pictures in the Cache and uploadtemps directories. It fails to effectively clear cached pictures, even after deletion via normal methodolog...

5.7 AI score, 0.00296 EPSS
Exploits 1, References 3

CNNVD
added 2021/02/22 12:0 a.m., 4 views

Keybase Desktop Client Security Vulnerability

Keybase is a social networking platform that supports end-to-end encryption based on PGP technology. A security vulnerability exists in the Keybase Desktop Client before 5.6.0 on Windows and macOS, and before 5.6.1 on Linux, which allows an attacker to obtain potentially sensitive media in the...

5.5 CVSS, 6.1 AI score, 0.00296 EPSS
Exploits 1, References 4

ThreatPost
added 2021/01/26 2:49 p.m., 84 views

North Korea Targets Security Researchers in Elaborate 0-Day Campaign

Hackers linked to North Korea are targeting security researchers with an elaborate social-engineering campaign that sets up trusted relationships with them — and then infects their organizations’ systems with custom backdoor malware. That’s according to Google’s Threat Analysis Group TAG, which...

7.2 CVSS, 8 AI score, 0.39653 EPSS
Exploits 0, References 14

Hacker One
added 2021/01/09 8:6 a.m., 37 views

Keybase: Keybase /AppData/Local/Keybase/uploadtemps folder stores pasted photos

During research, I had noticed that Keybase does not adequately clear the cache and some residual files can be viewed, with no form of encryption on the files. In addition, these pasted photos remain even after clearing the containing chat. Not all of the pasted photos remain, so it's unclear wha...

1.8 AI score
Exploits 0

Hacker One
added 2020/07/27 2:43 p.m., 70 views

Internet Bug Bounty: Uncovering file quarantine and UX security issues in macOS apps ( .terminal, .fileloc and .url)

Slides : https://docs.google.com/presentation/d/19WeQbqcOKnrSv1I3Z4sm-oNAf6IVzHwRyQP4i9BvY/editslide=id.g758ad3e04223231 See Blogpost for more details - https://medium.com/@metnew/exploiting-popular-macos-apps-with-a-single-terminal-file-f6c2efdfedaa Summary Popular macOS apps with a file-sharing...

6.8 CVSS, 6.6 AI score, 0.02662 EPSS
Exploits 0

Wired Threat Level
added 2020/05/09 1:30 p.m., 56 views

Zoom Security Gets a Boost With Keybase Acquisition

Plus: A GoDaddy breach, a ransomware attack, and more of the week's top security news...

7 AI score
Exploits 0