Lucene search
+L

9 matches found

osv
osv
added 2026/02/27 2:17 a.m.7 views

GO-2026-4564 Fleet: Device lock PIN can be predicted if lock time is known in github.com/fleetdm/fleet

Fleet: Device lock PIN can be predicted if lock time is known in github.com/fleetdm/fleet...

5.5CVSS5.8AI score0.00124EPSS
Exploits0References3
osv
osv
added 2026/02/26 7:35 p.m.5 views

GHSA-PPWX-5JQ7-PX2W Fleet: Device lock PIN can be predicted if lock time is known

Summary Fleet generated device lock and wipe PINs using a predictable algorithm based solely on the current Unix timestamp. Because no secret key or additional entropy was used, the resulting PIN could potentially be derived if the approximate time the device was locked is known. Impact Fleet’s...

4.1CVSS5.7AI score0.00124EPSS
Exploits0References4
code423n4
code423n4
added 2024/01/08 12:0 a.m.24 views

Olas can be locked less than 1 week

Lines of code Vulnerability details Impact The minimum lock time for OLAS is 1 week. If a user locks their OLAS for a duration less than that, their voting power becomes zero. However, in OLAS:createLockFor, the system only checks if the unlockTime is greater than the block.timestamp. Consequentl...

7.1AI score
Exploits0
code423n4
code423n4
added 2023/08/10 12:0 a.m.5 views

Decayed voting power can be restored by delegating to newer lock

Lines of code Vulnerability details Impact Delegation to newer lock updates slope and bias of delegatee according to new delegated amount and lengthier lock time which leads to decayed voting power from delegator older lock to be restored // @audit - slope and bias being updated according to...

6.7AI score
Exploits0
code423n4
code423n4
added 2022/06/25 12:0 a.m.15 views

Staking: Attacker can stake very few tokens for others to increase the lock time of others' tokens.

Lines of code Vulnerability details Impact In the stake function of the Staking contract, anyone can stake tokens for others. And each time a token is staked, the lock time of all tokens is increased. This allows an attacker to stake few tokens for others to increase the lock time of others'...

6.7AI score
Exploits0
code423n4
code423n4
added 2022/03/30 12:0 a.m.17 views

Users can transfer tokens to themselves to set cooldowns to 0, and then increase the lock time of other users' tokens when transferring to other users

Lines of code Vulnerability details Impact In the beforeTokenTransfer function, cooldowns will be set to 0 when the user transfers all tokens to himself. function beforeTokenTransfer address from, address to, uint256 amount internal virtual override iffrom != address0 //check must be skipped on...

6.7AI score
Exploits0
code423n4
code423n4
added 2021/12/19 12:0 a.m.10 views

Lock time is dependent on the average block time

Handle Czar102 Vulnerability details Impact Function BasketFacet::getLock... checks the lock based on the block number, so the time of the lock is dependent on average block time. Average block time doesn't have to be maintained by the protocol and is a subject to changes. Furthermore, the...

6.9AI score
Exploits0
openvas
openvas
added 2020/04/09 12:0 a.m.7 views

ZSQL: Account Lock Time

The PASSWORDLOCKTIME parameter specifies the number of days an account will be locked after the specified number of consecutive failed login attempts. If the account lock time exceeds the value of PASSWORDLOCKTIME default: one day, the system automatically unlocks the user. Larger parameter value...

7.3AI score
Exploits0References1
osv
osv
added 2017/02/20 8:59 a.m.2 views

CVE-2016-7601

An issue was discovered in certain Apple products. iOS before 10.2 is affected. The issue involves the "Local Authentication" component, which does not honor the configured screen-lock time interval if the Touch ID prompt is visible...

6.8CVSS5.8AI score0.00354EPSS
Exploits0References3
Rows per page
Query Builder