4 matches found
Identity Spoofing in libp2p-secio
Affected versions of libp2p-secio does not correctly verify that the PeerId of DstPeer matches the PeerId discovered in the crypto handshake, resulting in a high severity identity spoofing vulnerability. Recommendation Update to version 0.9.0 or later...
GHSA-RCH7-F4H5-X9RJ Identity Spoofing in libp2p-secio
Affected versions of libp2p-secio does not correctly verify that the PeerId of DstPeer matches the PeerId discovered in the crypto handshake, resulting in a high severity identity spoofing vulnerability. Recommendation Update to version 0.9.0 or later...
Identity Spoofing
libp2p-secio is vulnerable to identity spoofing. The library doesn't ensure that the PeerId from the DstPeer matches the one obtained from the crypto handshake, allowing attackers to pretend to be other people...
Identity Spoofing
Overview Affected versions of libp2p-secio does not correctly verify that the PeerId of DstPeer matches the PeerId discovered in the crypto handshake, resulting in a high severity identity spoofing vulnerability. Recommendation Update to version 0.9.0 or later. References - PR 95 - GitHub Advisor...