HackerOne Disclosed Reports - 2025-07-31


Medium
resolved

Total failure of password protection while extracting seed phrase! Increases attack surface area for scammers


Bug reported by Deepak was disclosed on July 31, 2025, 7:36 pm | Authentication Bypass Using an Alternate Path or Channel

The MetaMask browser extension UI was able to access a user's seed phrase without requiring password confirmation, which violated expected security boundaries between the UI and background process. The issue was resolved in MetaMask Extension version 11.7.1, which now enforces password confirmation before any UI code can access the wallet's seed phrase.



Messages In This Thread
HackerOne disclosed reports - 2025-07-31 - by hashXploiter - 08-01-2025, 12:30 PM


