The Introduction Client in Briar up to and including 1.5.3 does not implement out-of-band verification for the public keys of introducees. An introducer can launch man-in-the-middle attacks against later private communication between two introduced parties.
Vulnerable Product |
---|
briarproject briar |