107 matches found
Hackers Had Access to LastPass's Development Systems for Four Days
Password management solution LastPass shared more details pertaining to the security incident last month, disclosing that the threat actor had access to its systems for a four-day period in August 2022. "There is no evidence of any threat actor activity beyond the established timeline," LastPass...
Source code of password manager LastPass stolen by attacker
In a security incident notice from LastPass the company informed the public know that an unauthorized party gained access to portions of the LastPass development environment through a single compromised developer account. There is no evidence that this incident involved any access to customer dat...
Vaults are not locked properly
Lines of code Vulnerability details Impact Even though after Auction starts, Vault ownership moves to Witch but still Cauldron Admin can perform operations on this Vault. This includes transferring funds from a Vault which has live Auction ongoing Proof of Concept 1. Auction is started on Vault i...
Setting a high feeRate can block exercise or cause negative flow of funds
Lines of code Vulnerability details Impact When an admin intentionally or unintentionally sets a feeRate greater than 1e18 100%, The exercise function can fail with arithmetic operation underflow at line 289 In the case, when beneficiary is connected to multiple vaults, the exercise function will...
GHSA-Q9QR-H33G-FW3J TeamPass Storing Passwords in a Recoverable Format vulnerability
TeamPass version 2.1.27 and earlier contains a Storing Passwords in a Recoverable Format vulnerability in Shared password vaults that can result in all shared passwords are recoverable server side. This attack appears to be exploitable via any vulnerability that can bypass authentication or role...
ConvexYieldWrapper griefing attack is possible that removes all the vaults from any user
Handle hyh Vulnerability details Impact Griefing attack is possible, an attacker can can remove all vaultIds from an arbitrary account. I.e. anyone can mix up vault configuration for any user. Proof of Concept ConvexYieldWrapper.removeVault doesn't have access controls and allows anyone to manage...
Lack of auth for vaults
Handle 0x1f8b Vulnerability details Impact Anyone can create vaults and remove vaults from anyone. Proof of Concept The contract ConvexYieldWrapper expose two methods: addVault show in his comment Adds a vault to the user's vault list but according to the code it not use the users vault, it use...
Vaults don't work with fee-on transfer tokens
Handle cmichel Vulnerability details Certain ERC20 tokens make modifications to their ERC20's transfer or balanceOf functions. One type of these tokens is deflationary tokens that charge a certain fee for every transfer or transferFrom. Impact The Vault.addValueBatch functions will recive less...
NFTXVaultFactoryUpgradeable implementation can be replaced in production breaking the system
Handle hyh Vulnerability details Impact NFTXVaultFactory contract holds information regarding vaults, assets and permissions vaults, vaultsForAsset and excludedFromFees mappings. As there is no mechanics present that transfers this information to another implementation, the switch of...
DonPAPI - Dumping DPAPI Credz Remotely
Dumping revelant information on compromised targets without AV detection DPAPI dumping Lots of credentials are protected by DPAPI. We aim at locating those "secured" credentials, and retreive them using : User password Domaine DPAPI BackupKey Local machine DPAPI Key protecting TaskScheduled blob...
Use mutex lock on VaultHelper.sol
Handle tensors Vulnerability details Impact I strongly recommend adding a nonreentrant modifier on the functions within VaultHelper.sol The contract makes a bunch of unsafe external calls to the user submitted addresses vault and gauge. Also, add some checks to make sure vault and gauge are...
manager.allowedVaults check missing for add/remove strategy
Handle 0xRajeev Vulnerability details Impact The manager.allowedVaults check is missing for add/remove strategy like how it is used in reorderStrategies. This will allow a strategist to accidentally/maliciously add/remove strategies on unauthorized vaults. Given the critical access control that i...
An attacker can steal funds from multi-token vaults
Handle WatchPug Vulnerability details The total balance should NOT be simply added from different tokens' tokenAmounts, considering that the price of tokens may not be the same. function balanceOfThis public view returns uint256 balance address memory tokens = manager.getTokensaddressthis; for...
No safety check in addToken
Handle jonah1005 Vulnerability details Impact There's no safety check in Manager.sol addToken. There are two possible cases that might happen. 1. One token being added twice in a Vault. Token would be counted doubly in the vault. Ref: Vault.solL293-L303. There would be two item in the array when...
sortVaultsByDelta doesn't work as expected
Handle gpersoon Vulnerability details Impact The function sortVaultsByDelta doesn't always work as expected. Suppose all the delta's are positive, and delta1 = delta2 = delta3 0 Then maxIndex = 0 And delta minDelta ==0 is never true, so minIndex = 0 Then assuming bigFirst==true: vaultIndexes0 =...
Undercollateralized vaults' owner can be overwritten
Handle cmichel Vulnerability details The witch can Witch.grab vaults and the vaultOwnersvaultId field is set to the original owner. However, when the auction time is over and the debt has not been fully paid back, the original owner is not restored, and the witch can grab the same vault again,...
EIP-721 / EIP-1155 Re-Entrancy Vulnerability (Resubmission)
Handle 0xsomeone Vulnerability details This submission acts as additional material to the original submission. I would like to note that the "Areas of Review" chapter of the contest explicitly states that "Vaults should always maintain 1:1 ratio..." which the re-entrancy breaks. --- The text was...
SharpDPAPI - A C# Port Of Some Mimikatz DPAPI Functionality
SharpDPAPI is a C port of some DPAPI functionality from @gentilkiwi's Mimikatz project. I did not come up with this logic, it is simply a port from Mimikatz in order to better understand the process and operationalize it to fit our workflow. The SharpChrome subproject is an adaptation of work fro...
Hacking Hardware Password Managers: The RecZone
TL:DR Hardware security can be difficult to fathom, so I set out to research three password vaults as a newbie, sharing my findings. I picked three popular hardware vaults, each with different components, requiring different skills and equipment. Here's how I learned about disassembly, chipset...
Qualys Cloud Platform (VM, PC) 8.18.1 New Features
The patch release of the Qualys Cloud Platform, version 8.18.1.0-1, includes new support for HashiCorp Vaults as well as for Virtual Scanner Appliance for OCI and OCI-Classic Platforms. Feature Highlights Support for HashiCorp Vaults – This release adds a new vault type that can be used to retrie...