4 matches found
CVE-2024-34694
LNbits is a Lightning wallet and accounts system. Paying invoices in Eclair that do not get settled within the internal timeout (about 30s) leads to a payment being considered failed, even though it may still be in flight. This vulnerability can lead to a total loss of funds for the node backend. Th...
LNbits improperly handles potential network and payment failures when using Eclair backend
Summary: Paying invoices in Eclair that do not get settled within the internal timeout (about 30s) leads to a payment being considered failed, even though it may still be in flight. Details: Using `blocking: true` on the API call will lead to a timeout error if a payment does not get settled in the 30s...
LNbits Security Vulnerabilities
LNbits is a Python server open-sourced by LNbits. A security vulnerability exists in versions of LNbits prior to 0.12.6 that stems from the fact that if a payment invoice in Eclair is not cleared within an internal timeout period, it will be treated as a payment failure, even if the payment is...
Nord Security: Past payments using the Direct Debit method keep subscriptions active even if payments fail
I think this is a vulnerability that has no impact but it violates I found many accounts that are actively subscribed even though the payment failed, this is because the payment uses the Direct Debit method, and you have deleted it. Because Direct Debit payments have been deleted and no longer wo...