2 matches found
Gobbler Merkle tree vulnerable to second preimage attack
Lines of code Vulnerability details Impact The Merkle tree is vulnerable to a second preimage attack due to the fact that there is no prefix to distinguish between leaves an intermediate nodes Proof of Concept There are no prefixes added to the values in MerkleProofLib and none included in what's...
Elevating Privileges Via Windows Installers
There’s an odd bit of behavior that some Windows systems will exhibit when certain kinds of installers are launched, automatically elevating the privileges of the installer process to system-level privileges. In theory, the issue shouldn’t be exploitable because at one point in the process the...