PT-2020-18328 · Ethereum · Ethereum Name Service (Ens) Registry
Decanus · Published 2020-01-30 · Updated 2022-09-20 · CVE-2020-5232
CVSS v3.1: 8.7 (High)
Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N
Name of the Vulnerable Software and Affected Versions
Ethereum Name Service (ENS) registry (affected versions not specified)
Description
A user who owns an ENS domain can set a trapdoor, allowing them to transfer ownership to another user, and later regain ownership without the new owner's consent or awareness. A new ENS deployment is being rolled out to fix this issue.
Recommendations
As a workaround for the old ENS registrar, do not accept transfers of ENS domains from other users.
Update to the new ENS deployment to fix the vulnerability in the ENS registry.
Fix
Improper Authorization
Weakness Enumeration
Related Identifiers
Affected Products
Ethereum Name Service (Ens) Registry