Yes they have hardcoded a key in terminal. This introduces another vulnerability. I will add the details in the bitcointalk post.
Thread
Login to reply
Replies ()
its not a vulnerability if they're modulating the hardcoded key per CJ round correct?
as @waxwing suggested on original vulnerability disclosure post Jan 7th?
either way, the server CANNOT give clients a unique key for identification.
there hasnt been enough time to actually review the implementation.
so I'd just STFU for now.
Yes they have hardcoded a key in terminal. This introduces another vulnerability. I will add the details in the bitcointalk post.
View quoted note →