4 matches found
CVE-2019-14356
On Coldcard MK1 and MK2 devices, a side channel for the row-based OLED display was found. The power consumption of each row-based display cycle depends on the number of illuminated pixels, allowing a partial recovery of display contents. For example, a hardware implant in the USB cable might be...
Malicious Package
Overview: mk1 is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this package was installed...
fiesta-mk1.co.uk Improper Access Control vulnerability OBB-2415239
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
CVE-2019-14356
CVE-2019-14356 affects Coldcard MK1 and MK2 devices. A side channel in the row-based OLED display lets an attacker who can control or monitor USB power measurements while secrets are shown partially recover display contents, potentially exposing PINs and BIP39 mnemonics. The vulnerability ...