Regresar al centro de seguridad

Missing confirmation in the ECDHSessionKey call

Reportada en November 26, 2023

The Trezor Safe 3 returns the ECDHSessionKey without requiring appropriate user interaction, resulting in the omission of address confirmation screens in the user interaction workflow.

This concerns only the SSH functionality in Trezor and was fixed in 2.6.4.

Reportada por Mathias Herberts

Trezor Safe 3

Vulnerabilidades solucionadas

Reportada por la comunidad. Investigada. Solucionada. Porque tu seguridad no es una opción.