Author: Doug Huff 2011-06-19 21:54:28
Published on: 2011-06-19T21:54:28+00:00
The author has decided to publicly disclose multiple CSRF vulnerabilities in http://clearcoin.appspot.com instead of reporting them privately. The vulnerable endpoints are hosted on appspot and use Google account authentication, so anyone logged into their Google account is vulnerable. The author tested changing the refund address and releasing funds, and provided PoC code that can be opened in any browser. The site is run and maintained by Gavin Andresen, the lead bitcoin maintainer.
Updated on: 2023-05-26T18:26:33.332854+00:00
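The two actions named above (changing the refund address, releasing funds) are state changes authorized only by the browser's ambient Google login, which is what makes them forgeable from another origin. The sketch below is an added example, not code from the original post or from the site: it shows one common mitigation, a per-user, per-action HMAC token that the server checks before applying the change. The secret, the action names and the `handle_post` handler are all assumptions made for illustration.

```python
import hashlib
import hmac
import time

# Assumption: a per-deployment server-side secret (constructed value for the demo).
SECRET = b"constructed-demo-secret"
MAX_AGE = 3600  # seconds a token stays valid


def _mac(user_id, action, ts):
    # Assumption: user_id and action never contain the "|" separator.
    msg = f"{user_id}|{action}|{ts}".encode()
    return hmac.new(SECRET, msg, hashlib.sha256).hexdigest()


def issue_token(user_id, action, now=None):
    """Token embedded in the site's own form; bound to one account and one action."""
    ts = str(int(time.time() if now is None else now))
    return f"{ts}.{_mac(user_id, action, ts)}"


def token_ok(token, user_id, action, now=None):
    """True only for an unexpired token issued to this user for this action."""
    now = time.time() if now is None else now
    try:
        ts, mac = token.split(".", 1)
        age = now - int(ts)
    except (AttributeError, ValueError):
        return False  # missing or malformed token
    if age < 0 or age > MAX_AGE:
        return False
    expected = _mac(user_id, action, ts)
    return hmac.compare_digest(mac.encode(), expected.encode())


def handle_post(session_user, action, form):
    """Hypothetical handler for a state-changing POST; returns (status, message)."""
    if session_user is None:
        return 401, "login required"
    # A cross-site form carries the login cookie but cannot read this token.
    if not token_ok(form.get("csrf_token"), session_user, action):
        return 403, "missing or invalid CSRF token"
    return 200, f"{action} applied for {session_user}"


if __name__ == "__main__":
    good = {"csrf_token": issue_token("alice", "release_funds")}
    print(handle_post("alice", "release_funds", good))
    print(handle_post("alice", "release_funds", {}))  # forged request, no token
```

Binding the token to the action means a token leaked from one form cannot be replayed against the other endpoint.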