3 matches found
GHSA-8MR2-F9WF-HCFQ Duplicate Advisory: OpenClaw reuses the gateway auth token in the owner ID prompt hashing fallback
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-v6x2-2qvm-6gv8. This link is maintained to preserve external references. Original Description OpenClaw versions prior to 2026.2.22 reuse gateway.auth.token as a fallback hash secret for owner-ID prompt obfuscati...
CVE-2026-32897 OpenClaw < 2026.2.22 - Authentication Token Reuse in Owner ID Prompt Hashing Fallback
OpenClaw versions prior to 2026.2.22 reuse gateway.auth.token as a fallback hash secret for owner-ID prompt obfuscation when commands.ownerDisplay is set to hash and commands.ownerDisplaySecret is unset, creating dual-use of authentication secrets across security domains. Attackers with access to...
GHSA-V6X2-2QVM-6GV8 OpenClaw reuses the gateway auth token in the owner ID prompt hashing fallback
Vulnerability OpenClaw reused gateway.auth.token and gateway.remote.token as a fallback hash secret for owner-ID prompt obfuscation when commands.ownerDisplay=hash and commands.ownerDisplaySecret was unset. This created secret dual-use between gateway authentication and prompt metadata hashing...