From Audit: Broken Access Control Allows for Mnemonic Extraction #129

Closed
josietyleung opened this issue May 10, 2022 · 0 comments
@josietyleung commented on Tue May 10 2022

Synopsis
The background script does not validate which method a request is attempting to call in the Emeris browser extension wallet, allowing attackers to call arbitrary functions in the internal emeris object. This allows attackers to call the popupHandler function directly and subsequently call getMnemonic. If an attacker is able to guess the password of the wallet, the mnemonic can be exfiltrated from the wallet.

Impact
A user’s seed phrases can be exfiltrated from the wallet without their knowledge. This would result in the loss of all their funds.

Remediation
We recommend implementing a check in pageHandler that verifies that request.action belongs in a pre-approved list of functions. Additionally, we recommend that validation be performed in the content-script that inspects the message to make sure that the data is structured only in the way expected by the requesting functions.

Refer to full audit report first - Issue A

https://allinbits.slack.com/archives/C02U9SVJT97/p1652107168347859
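
One way to implement the allow-list and message-shape check recommended under Remediation, as an added example that is not code from the Emeris extension or the audit report. Only pageHandler, popupHandler, getMnemonic, request.action and the emeris object are named in the issue; the getAddress action, its chainId field, the request.data field and the helper names are assumptions made for illustration.

```javascript
// Hypothetical stand-in for the extension's internal object (assumed shape).
const emeris = {
  getAddress: async (data) => `addr-for-${data.chainId}`, // assumed page-facing action
  popupHandler: async () => 'internal-only',              // must never be page-reachable
  getMnemonic: async () => 'constructed sample mnemonic', // must never be page-reachable
};

// Allow-list: page-facing action name -> validator for the expected data shape.
// A Map lookup cannot match inherited keys such as "constructor" or "__proto__".
const PAGE_ACTIONS = new Map([
  ['getAddress', (d) => isPlainObject(d) && hasOnlyKeys(d, ['chainId']) &&
                        typeof d.chainId === 'string'],
]);

function isPlainObject(v) {
  return v !== null && typeof v === 'object' &&
         Object.getPrototypeOf(v) === Object.prototype;
}

function hasOnlyKeys(obj, keys) {
  const own = Object.keys(obj);
  return own.length === keys.length && own.every((k) => keys.includes(k));
}

// Shape check: run in the content script, and again in the background script,
// since the background script cannot assume the content script did it.
function validatePageRequest(request) {
  if (!isPlainObject(request)) return { ok: false, reason: 'malformed request' };
  if (typeof request.action !== 'string') return { ok: false, reason: 'missing action' };
  const validator = PAGE_ACTIONS.get(request.action);
  if (!validator) return { ok: false, reason: 'action not allowed' };
  if (!validator(request.data)) return { ok: false, reason: 'unexpected data shape' };
  return { ok: true };
}

// Background-side handler: dispatches into emeris only after validation passes.
async function pageHandler(request) {
  const verdict = validatePageRequest(request);
  if (!verdict.ok) return { error: verdict.reason };
  return { result: await emeris[request.action](request.data) };
}
```
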
