Zurück zum Sicherheitsportal
Biometric Verification bypassed in Trezor Suite with external monitor
Gemeldet auf March 9, 2026
Biometric authentication in Trezor Suite could be bypassed when the functionality was not available on the host device. This could happen, for example, when a laptop was connected to an external monitor and its lid was closed. This beat the purpose of biometric authentication which should prevent other users of the host device from unauthorized access to the app.
Behobene Sicherheitslücken
Gemeldet durch Community. Untersucht. Gelöst. Weil deine Sicherheit nie optional ist.
- Unauthenticated Remote DoS via xpub Change-Index Amplification19. Mai 2026
- Unauthenticated Remote Memory Exhaustion via Unbounded Timestamp Array19. Mai 2026
- Cross-Origin Popup Takeover in Trezor Connect popup3. Mai 2026
- Reflected cross-site scripting (XSS) vulnerability on connect.trezor.io via hash fragment script injection25. März 2026
- EIP-712 Domain Spoofing via Double-Fetch21. März 2026
- Open redirect on affiliate page20. März 2026