Donjon's Trezor Safe 3 evaluation

Signalé sur November 12, 2024

Ledger Donjon evaluated our Trezor Safe Family and successfully reused a previously known attack to demonstrate how some countermeasures against supply chain attacks in Trezor Safe 3 can be bypassed. Trezor Safe 5 is not affected because it uses a more recent microcontroller designed to be more resilient to similar attacks.

Signalé par Ledger Donjon

Notre article de blog

Trezor Safe 3

Vulnérabilités résolues

Signalé par la communauté. Examiné. Résolu. Parce que votre sécurité n’est jamais optionnelle.

Reflected cross-site scripting (XSS) vulnerability on connect.trezor.io via hash fragment script injection
25 mars 2026
Open redirect on affiliate page
20 mars 2026
Biometric Verification bypassed in Trezor Suite with external monitor
9 mars 2026
Insufficient entropy on Trezor Model One with 12/18 words
6 février 2026
Bug in multisig verification
10 janvier 2026
Inability to cancel certain flows on pre-production firmware
31 octobre 2025