Unlock mechanism flaw mist opens 2 second unlock timout window. #2584
Labels
Comments
pat-kim
changed the title
|
Addressed in #2564. |
|
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Geth version: All verions
OS & Version: All operating systems
Expected behaviour:
From user perspective API call communication between mist and geth scheme does not allow man in middle attack.
Actual behaviour:
Mist calls geth in order to send tx with account unlocking for 2 second. Not likely other wallet singed tx itself and send before sending to the geth this allows man in middle attack via IPC and RPC while making a transaction by mist.
Steps to reproduce the behaviour:
Simple batch script successfully hijack transaction to IPC with default mist and geth settings.
Refer the following video.
https://www.youtube.com/watch?v=PNSwFy__m-8
The text was updated successfully, but these errors were encountered: