9 matches found
GO-2026-4564 Fleet: Device lock PIN can be predicted if lock time is known in github.com/fleetdm/fleet
Fleet: Device lock PIN can be predicted if lock time is known in github.com/fleetdm/fleet...
GHSA-PPWX-5JQ7-PX2W Fleet: Device lock PIN can be predicted if lock time is known
Summary Fleet generated device lock and wipe PINs using a predictable algorithm based solely on the current Unix timestamp. Because no secret key or additional entropy was used, the resulting PIN could potentially be derived if the approximate time the device was locked is known. Impact Fleet’s...
Olas can be locked less than 1 week
Lines of code Vulnerability details Impact The minimum lock time for OLAS is 1 week. If a user locks their OLAS for a duration less than that, their voting power becomes zero. However, in OLAS:createLockFor, the system only checks if the unlockTime is greater than the block.timestamp. Consequentl...
Decayed voting power can be restored by delegating to newer lock
Lines of code Vulnerability details Impact Delegation to newer lock updates slope and bias of delegatee according to new delegated amount and lengthier lock time which leads to decayed voting power from delegator older lock to be restored // @audit - slope and bias being updated according to...
Staking: Attacker can stake very few tokens for others to increase the lock time of others' tokens.
Lines of code Vulnerability details Impact In the stake function of the Staking contract, anyone can stake tokens for others. And each time a token is staked, the lock time of all tokens is increased. This allows an attacker to stake few tokens for others to increase the lock time of others'...
Users can transfer tokens to themselves to set cooldowns to 0, and then increase the lock time of other users' tokens when transferring to other users
Lines of code Vulnerability details Impact In the beforeTokenTransfer function, cooldowns will be set to 0 when the user transfers all tokens to himself. function beforeTokenTransfer address from, address to, uint256 amount internal virtual override iffrom != address0 //check must be skipped on...
Lock time is dependent on the average block time
Handle Czar102 Vulnerability details Impact Function BasketFacet::getLock... checks the lock based on the block number, so the time of the lock is dependent on average block time. Average block time doesn't have to be maintained by the protocol and is a subject to changes. Furthermore, the...
ZSQL: Account Lock Time
The PASSWORDLOCKTIME parameter specifies the number of days an account will be locked after the specified number of consecutive failed login attempts. If the account lock time exceeds the value of PASSWORDLOCKTIME default: one day, the system automatically unlocks the user. Larger parameter value...
CVE-2016-7601
An issue was discovered in certain Apple products. iOS before 10.2 is affected. The issue involves the "Local Authentication" component, which does not honor the configured screen-lock time interval if the Touch ID prompt is visible...