Category

Mitm

Security vulnerabilities and automated fixes for mitm issues

3 posts found

medium9 min

How insecure update manifest parsing happens in C++ UpdateHelper.cpp and how to fix it

TrafficMonitor's software update mechanism in `UpdateHelper.cpp` fetched and parsed update manifests from remote servers without validating the version string or enforcing trusted download URLs, leaving users exposed to man-in-the-middle (MITM) attacks. An attacker on the same network could intercept the update channel and inject a malicious binary under a crafted version string or an HTTP download link pointing to attacker-controlled infrastructure. The fix adds strict version-string sanitizati

#security#cpp#supply-chain+4 more
O
orbisai0security
Jul 11, 2026
high8 min

How Missing Checksum Validation Opens the Door to Supply Chain Attacks

A high-severity vulnerability was discovered in a web application's file download pipeline where the `nodejs-file-downloader` dependency was used without any cryptographic verification of downloaded content. Without checksum or signature validation, attackers positioned between the server and client could silently swap legitimate files for malicious ones. This fix closes that window by enforcing integrity verification before any downloaded content is trusted or executed.

#supply-chain-security#mitm#nodejs+4 more
O
orbisai0security
May 13, 2026
critical5 min

Silent Code Injection: How Missing Signature Verification Defeats Checksum Security

A critical vulnerability in a Python build script allowed potential man-in-the-middle attackers to bypass SHA256 checksum verification by serving malicious checksums alongside compromised binaries. This fix implements proper cryptographic signature verification, ensuring that downloaded artifacts are genuinely from trusted sources—not just matching a potentially tampered checksum file.

#security#supply-chain-attack#checksum-verification+4 more
O
orbisai0security
May 6, 2026