PT-2023-31464 · Galxe · Galxe

Published 2023-12-25 · Updated 2024-11-04 · CVE-2023-50059

CVSS v3.1: 5.3 Medium

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Galxe platform version 1.0

Description

The issue allows a remote attacker to obtain sensitive information via the Web3 authentication process of Galxe. The signed message lacks a nonce, which is a random number. This lack of a nonce enables a potential Web3 Authentication Replay Attack.

Recommendations

For Galxe platform version 1.0, consider temporarily disabling the Web3 authentication process until a patch is available. Restrict access to sensitive information to minimize the risk of exploitation. Avoid using the Web3 authentication process in production environments until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
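
The weakness in the description is a signed login message with no nonce. The following added example (not Galxe's code and not part of this advisory) shows a server putting a single-use, expiring nonce into the message to be signed and rejecting a replayed signature. The class and function names, the `example.org` domain, the 300-second lifetime and the HMAC stand-in for wallet signature verification are assumptions made for illustration.

```python
import hashlib, hmac, secrets, time

NONCE_TTL = 300  # seconds a challenge stays valid (assumed value)

class ChallengeStore:
    """Issues single-use login challenges and checks the signed response."""
    def __init__(self, domain, verify_sig, now=time.time):
        self.domain = domain          # binds the signed text to this site
        self.verify_sig = verify_sig  # callable(address, message, signature) -> bool
        self.now = now
        self.pending = {}             # nonce -> (address, expiry time)

    def message(self, address, nonce):
        return f"{self.domain} wants you to sign in with {address.lower()}\nNonce: {nonce}"

    def issue(self, address):
        nonce = secrets.token_hex(16)  # 128 bits from the OS CSPRNG
        self.pending[nonce] = (address.lower(), self.now() + NONCE_TTL)
        return self.message(address, nonce)

    def login(self, address, message, signature):
        nonce = message.rsplit("Nonce: ", 1)[-1]
        # pop() makes the nonce single-use: a replayed message finds nothing.
        entry = self.pending.pop(nonce, None)
        if entry is None:
            return False
        issued_to, expiry = entry
        if issued_to != address.lower() or self.now() > expiry:
            return False
        # Accept only the exact text the server built for this nonce.
        if message != self.message(address, nonce):
            return False
        return self.verify_sig(address, message, signature)

# Constructed stand-in for wallet signature verification so the example runs offline.
DEMO_KEYS = {"0xabc": b"constructed-demo-key"}

def demo_sign(address, message):
    return hmac.new(DEMO_KEYS[address.lower()], message.encode(), hashlib.sha256).hexdigest()

def demo_verify(address, message, signature):
    key = DEMO_KEYS.get(address.lower())
    return key is not None and hmac.compare_digest(demo_sign(address, message).encode(), signature.encode())

def replay_demo():
    store = ChallengeStore("example.org", demo_verify)
    msg = store.issue("0xabc")
    sig = demo_sign("0xabc", msg)
    return store.login("0xabc", msg, sig), store.login("0xabc", msg, sig)  # second call is the replay
```

In a real deployment `verify_sig` would be the wallet signature check, and `pending` would live in a shared store with atomic delete so the single-use property holds across server instances.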

Weakness Enumeration

Related Identifiers

CVE-2023-50059

Affected Products

Galxe