Douglas Huff [ARCHIVE] on Nostr
📅 Original date posted:2011-06-19
🗒️ Summary of this message: A vulnerability in ClearCoin was reported and fixed, with the reporter noting that CSRFs were particularly nasty due to Google account auth.
📝 Original message: I know. Please do not take this as a personal attack. Blame MagicalTux's
irresponsible behaviour as of late. :(
On Jun 19, 2011 5:34 PM, "Gavin Andresen" <gavinandresen at gmail.com> wrote:
> Some of us take private disclosures of vulnerabilities very seriously.
>
> In any case, the ClearCoin CSRF vulnerability is fixed. Thank you for
> bringing it to my attention.
>
> On Sun, Jun 19, 2011 at 5:54 PM, Doug Huff <dhuff at jrbobdobbs.org> wrote:
>> In light of this decision I would like to report multiple CSRF
>> vulnerabilities in http://clearcoin.appspot.com .
>>
>> This set of CSRFs is particularly nasty since this is hosted on appspot
>> and uses Google account auth. So long as you stay logged into your Google
>> account you are vulnerable to this CSRF.
>
>
> --
> --
> Gavin Andresen
> http://clearcoin.com/
Published at 2023-06-07 01:39:36