Zpět na portál zabezpečení
Missing confirmation in the ECDHSessionKey call
Nahlášeno November 26, 2023
The Trezor Safe 3 returns the ECDHSessionKey without requiring appropriate user interaction, resulting in the omission of address confirmation screens in the user interaction workflow.
This concerns only the SSH functionality in Trezor and was fixed in 2.6.4.
Nahlášeno Mathias Herberts
Trezor Safe 3
Vyřešené zranitelnosti
Nahlášeno komunitou. Prošetřeno. Vyřešeno. Protože vaše bezpečnost není nikdy volitelná.
- Inability to cancel certain flows on pre-production firmwareOctober 31, 2025
- Donjon's Trezor Safe 3 evaluationNovember 12, 2024
- XSS in Trezor Connect legacy versionsFebruary 7, 2023
- Insufficient field size check in ProtobufJuly 12, 2021
- XSS in Trezor ConnectAugust 3, 2020
- Missing path isolation checkJuly 14, 2020