Voltar para o portal de segurança

Missing confirmation in the ECDHSessionKey call

Reportado em November 26, 2023

The Trezor Safe 3 returns the ECDHSessionKey without requiring appropriate user interaction, resulting in the omission of address confirmation screens in the user interaction workflow.

This concerns only the SSH functionality in Trezor and was fixed in 2.6.4.

Reportado por Mathias Herberts

Trezor Safe 3

Vulnerabilidades resolvidas

Reportado pela comunidade. Investigado. Resolvido. Porque sua segurança nunca é opcional.