GMS-2018-2: Identity Spoofing

January 15, 2018

libp2p-secio is not correctly checking the that the PeerId of the DstPeer matched the PeerId that the peer learns through the Crypto Handshake creating a high severity vulnerability as the purpose of SECIO is to authenticate the other Peer.

References

github.com/libp2p/js-libp2p-secio/pull/95

Code Behaviors & Features

Detect and mitigate GMS-2018-2 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →