Famed Retroactive Rewards #25

Githubuser60 · 2022-09-21T13:52:15Z

UID: CL-2021-39

Severity: medium

Type: BUG

Affected Clients: Lighthouse

Summary: A validator client uses two API keys: ".secp-sk" (secret key) and "api-token.txt" (the corresponding public key).
Both files are stored in a user directory with 644 permission bits.
So any user on the host can read them.

Links: sigp/lighthouse#2437

Reported: 2021-07-07

Fixed: 2021-09-13

Published: 2021-12-01

Bounty Hunter: Taurus

Bounty Points: Part of EF initiated Security Audit: https://arxiv.org/abs/2109.11685

x0r-ai · 2022-09-21T13:52:19Z

🤖 Assignees for issue Famed Retroactive Rewards #25 are now eligible to Get Famed.

✅ Add assignees to track contribution times of the issue 🦸‍♀️🦹️
✅ Add a single severity (CVSS) label to compute the score 🏷️️

Happy hacking! 🦾💙❤️️

x0r-ai · 2022-09-21T13:52:28Z

@Githubuser60 - you Got Famed! 💎 Check out your new score here: https://leaderboard.morphysm.com/teams/Githubuser60/famed-demo

Contributor	Time	Reward
Githubuser60	1632h0m0s	2444 POINTS

Githubuser60 added high Famed - Common Vulnerability Scoring System (CVSS) - High famed Famed - Tracked by Famed labels Sep 21, 2022

Githubuser60 self-assigned this Sep 21, 2022

Githubuser60 closed this as completed Sep 21, 2022

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Famed Retroactive Rewards #25

Famed Retroactive Rewards #25

Githubuser60 commented Sep 21, 2022

x0r-ai bot commented Sep 21, 2022

x0r-ai bot commented Sep 21, 2022 •

edited

Loading

Famed Retroactive Rewards #25

Famed Retroactive Rewards #25

Comments

Githubuser60 commented Sep 21, 2022

x0r-ai bot commented Sep 21, 2022

x0r-ai bot commented Sep 21, 2022 • edited Loading

x0r-ai bot commented Sep 21, 2022 •

edited

Loading