Ethereum · Ethereum Name Service (Ens) Registry · CVE-2020-5232
**Name of the Vulnerable Software and Affected Versions**
Ethereum Name Service (ENS) registry (affected versions not specified)
**Description**
A user who owns an ENS domain can set a trapdoor, allowing them to transfer ownership to another user, and later regain ownership without the new owner's consent or awareness. A new ENS deployment is being rolled out to fix this issue.
**Recommendations**
For the old ENS registrar, do not accept transfers of ENS domains from other users as a workaround.
Update to the new ENS deployment to fix the vulnerability in the ENS registry.