CVE-2023-50053

Name of the Vulnerable Software and Affected Versions Foundation platform version 1.0

Description The issue allows a remote attacker to obtain sensitive information via the Web3 authentication process of Foundation. The signed message lacks a nonce, which is a random number. This flaw may expose sensitive data due to a weakness in the Message Handler component.

Recommendations For Foundation platform version 1.0, apply available patches to mitigate the risk of exploitation. As a temporary workaround, consider restricting the use of the Web3 authentication process until a patch is available. Identify affected systems and monitor for signs of exploitation.