PT-2023-26552 · Unknown · Twitch-Tui

Roger

Publicado

2023-07-31

Atualizado

2023-08-09

CVE-2023-38688

CVSS v3.1

7.5

Alta

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions twitch-tui versions prior to 2.4.1

Description The issue arises from the software's configuration of the IRC connection, which disables TLS, resulting in unencrypted communication to Twitch IRC servers. This allows communication, including auth tokens, to be sniffed.

Recommendations For versions prior to 2.4.1, update to version 2.4.1 to resolve the issue. As a temporary workaround, consider configuring the IRC connection to enable TLS until the update can be applied.

Exploit

Correção

Missing Encryption of Sensitive Data

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-311

Identificadores relacionados

CVE-2023-38688

GHSA-779W-XVPM-78JX

Produtos afetados

Twitch-Tui

PT-2023-26552 · Unknown · Twitch-Tui

CVE-2023-38688

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 9