Author: Douglas Huff 2011-06-19 22:36:27
Published on: 2011-06-19T22:36:27+00:00
The conversation between Gavin Andresen and Doug Huff on June 19, 2011 centered around the disclosure of vulnerabilities in ClearCoin. Gavin mentioned that he takes private disclosures of vulnerabilities seriously and confirmed that the CSRF vulnerability in ClearCoin had been fixed, thanking Doug for bringing it to his attention. However, Doug then reported multiple CSRF vulnerabilities in http://clearcoin.appspot.com, stating that they were particularly nasty as the site was hosted on appspot and used Google account authentication, leaving users vulnerable as long as they remained logged into their Google accounts. Gavin's website, clearcoin.com, was also linked in his signature.
Updated on: 2023-05-26T18:26:15.862412+00:00