Prathan Phongthiproek tanprathan

// SPDX-License-Identifier: MIT
pragma solidity ^0.6.6;
import "https://github.com/OpenZeppelin/openzeppelin-contracts/blob/v3.1.0/contracts/access/Ownable.sol";
import "https://github.com/OpenZeppelin/openzeppelin-contracts/blob/v3.1.0/contracts/token/ERC20/ERC20.sol";
contract ZUSDT is ERC20("ZUSD-T Token", "ZUSD-T"), Ownable {
function mint(uint amount) public onlyOwner {
tanprathan / CVE-2019-20348.txt
Created January 6, 2020 02:44
OKER CVE-2019-20348
> [Description]
> OKER G232V1 v1.03.02.20161129 devices provide a root terminal on a UART
> serial interface without proper access control. This allows attackers
> with physical access to interrupt the boot sequence in order to execute
> arbitrary commands with root privileges and conduct further attacks.
>
> ------------------------------------------
>
> [Additional Information]
> Proof of Concept: https://www.dropbox.com/s/5ozzv04ddsgst3t/OKER_UART.mp4
tanprathan / CVE-2018-13435.txt
Last active May 15, 2019 07:04
LINE CVE-2018-13435 Information
> [Description]
> ** DISPUTED ** An issue was discovered in the LINE jp.naver.line application
> 8.8.0 for iOS. The Passcode feature allows authentication bypass via
> runtime manipulation that forces a certain method to disable passcode
> authentication. NOTE: the vendor indicates that this is not an attack
> of interest within the context of their threat model, which excludes
> iOS devices on which a jailbreak has occurred.
>
> ------------------------------------------
>
tanprathan / CVE-2018-15542.txt
Last active October 30, 2018 13:29
Telegram CVE-2018-15542 Information
> [Description]
> ** DISPUTED ** An issue was discovered in the org.telegram.messenger
> application 4.8.11 for Android. The Passcode feature allows
> authentication bypass via runtime manipulation that forces a certain
> method's return value to true. In other words, an attacker could
> authenticate with an arbitrary passcode. NOTE: the vendor indicates
> that this is not an attack of interest within the context of their
> threat model, which excludes Android devices on which rooting has
> occurred.
>
tanprathan / CVE-2018-15543.txt
Last active October 28, 2018 11:04
Telegram CVE-2018-15543 Information
> [Description]
> ** DISPUTED ** An issue was discovered in the org.telegram.messenger
> application 4.8.11 for Android. The FingerprintManager class for
> Biometric validation allows authentication bypass through the callback
> method from onAuthenticationFailed to onAuthenticationSucceeded with
> null, because the fingerprint API in conjunction with the
> Android keyGenerator class is not implemented. In other words, an
> attacker could authenticate with an arbitrary fingerprint. NOTE: the
> vendor indicates that this is not an attack of interest within the
> context of their threat model, which excludes Android devices on which
tanprathan / CVE-2018-13446.txt
Created August 13, 2018 14:09
LINE CVE-2018-13446 Information
> [Description]
> ** DISPUTED ** An issue was discovered in the LINE jp.naver.line
> application 8.8.1 for Android. The Passcode feature allows
> authentication bypass via runtime manipulation that forces a
> certain method's return value to true. In other words, an attacker
> could authenticate with an arbitrary passcode. NOTE: the vendor
> indicates that this is not an attack of interest within the context
> of their threat model, which excludes Android devices on which
> rooting has occurred.
>
tanprathan / CVE-2018-13434.txt
Created August 13, 2018 14:04
LINE CVE-2018-13434 Information
> [Description]
> ** DISPUTED ** An issue was discovered in the LINE jp.naver.line application
> 8.8.0 for iOS. The LAContext class for Biometric (TouchID) validation
> allows authentication bypass by overriding the LAContext return Boolean
> value to be "true" because the kSecAccessControlUserPresence
> protection mechanism is not used. In other words, an attacker could
> authenticate with an arbitrary fingerprint. NOTE: the vendor indicates
> that this is not an attack of interest within the context of their
> threat model, which excludes iOS devices on which a jailbreak has
> occurred.
tanprathan / CVE-2018-12446.txt
Last active June 20, 2018 13:34
Dropbox CVE-2018-12446 Information
> [Description]
> ** DISPUTED ** An issue was discovered in the com.dropbox.android
> application 98.2.2 for Android. The Passcode feature allows
> authentication bypass via runtime manipulation that forces a certain
> method's return value to true. In other words, an attacker could
> authenticate with an arbitrary passcode. NOTE: the vendor indicates
> that this is not an attack of interest within the context of their
> threat model, which excludes Android devices on which rooting has
> occurred.
>
tanprathan / CVE-2018-12445.txt
Last active June 19, 2018 04:10
Dropbox CVE-2018-12445 Information
> [Description]
> ** DISPUTED ** An issue was discovered in the com.dropbox.android
> application 98.2.2 for Android. The FingerprintManager class for
> Biometric validation allows authentication bypass through the callback
> method from onAuthenticationFailed to onAuthenticationSucceeded with
> null, because the fingerprint API in conjunction with the Android
> keyGenerator class is not implemented. In other words, an attacker
> could authenticate with an arbitrary fingerprint. NOTE: the vendor
> indicates that this is not an attack of interest within the context of
> their threat model, which excludes Android devices on which rooting
tanprathan / CVE-2018-12271.txt
Last active June 14, 2018 13:08
Dropbox CVE-2018-12271 Information
> [Description]
> ** DISPUTED ** An issue was discovered in the com.getdropbox.Dropbox
> app 100.2 for iOS. The LAContext class for Biometric (TouchID)
> validation allows authentication bypass by overriding the LAContext
> return Boolean value to be "true" because the
> kSecAccessControlUserPresence protection mechanism is not used. In
> other words, an attacker could authenticate with an arbitrary
> fingerprint. NOTE: the vendor indicates that this is not an attack of
> interest within the context of their threat model, which excludes
> iOS devices on which a jailbreak has occurred.