Rizful.com on Nostr: Thanks for this report... seconding EVAN request for an incident report... would be ...
Thanks for this report... seconding EVAN (npub19kv…e2qd) request for an incident report... would be useful for NWC (npub19hg…yv9p) implementors especially. My main question is this: Is there anything NWC-specific about this vulnerability? From what I see in your post, it looks like a more vanilla-flavored attack on your auth/login mechanism, which THEN allowed the attacker to mess with the NWC codes. But if you've learned anything NWC-specific that would be very useful for others to learn from...
Published at
2025-02-09 14:49:18
Event JSON
{
"id": "ecbfa84ea1d8823ef98e409f6ee11065a853f7330d48fb7f5e3ed4ccbf52ed47",
"pubkey": "97f848adcc4c6276685fe48426de5614887c8a51ada0468cec71fba938272911",
"created_at": 1739112558,
"kind": 1,
"tags": [
[
"e",
"1fdb9ae452e164450bb2ea059b4840f48ea7ee8094ee95f29ad54fe9a5ebad1c",
"",
"root"
],
[
"p",
"ba80990666ef0b6f4ba5059347beb13242921e54669e680064ca755256a1e3a6"
],
[
"p",
"2d9873b25bf2dda6141684d44d5eb76af59f167788a58e363ab1671fefee87f2",
"",
"mention"
],
[
"p",
"2dd140ca80db62bcf377d7dbe68d22a95baa41d19c5b4971a78204af7596051a",
"",
"mention"
]
],
"content": "Thanks for this report... seconding nostr:npub19kv88vjm7tw6v9qksn2y6h4hdt6e79nh3zjcud36k9n3lmlwsleqwte2qd request for an incident report... would be useful for nostr:npub19hg5pj5qmd3teumh6ld7drfz49d65sw3n3d5jud8sgz27avkq5dqm7yv9p implementors especially. My main question is this: Is there anything NWC-specific about this vulnerability? From what I see in your post, it looks like a more vanilla-flavored attack on your auth/login mechanism, which THEN allowed the attacker to mess with the NWC codes. But if you're learned anything NWC-specific that would be very useful for others to learn from...",
"sig": "73bcdc823fc7723adf171f857b167eeaa06e28a26408c833e3c2849bd681f632d30b0002624418a5351dec01f5d1b126c1e582775a231040186366249befd700"
}