// For flags

CVE-2020-5232

Ethereum Name Service - Malicious takeover of previously owned ENS names

Severity Score

8.7
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

A user who owns an ENS domain can set a trapdoor, allowing them to transfer ownership to another user, and later regain ownership without the new owners consent or awareness. A new ENS deployment is being rolled out that fixes this vulnerability in the ENS registry.

Un usuario que posee un dominio ENS puede establecer una trapdoor, permitiéndole transferir la propiedad a otro usuario y luego recuperar la propiedad sin el consentimiento o conocimiento de los nuevos propietarios. Se está poniendo en funcionamiento una nueva implementación de ENS que corrige esta vulnerabilidad en el registro de ENS.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
Required
Scope
Changed
Confidentiality
High
Integrity
High
Availability
None
Attack Vector
Network
Attack Complexity
Medium
Authentication
Single
Confidentiality
Partial
Integrity
Partial
Availability
None
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2020-01-02 CVE Reserved
  • 2020-01-30 CVE Published
  • 2023-03-08 EPSS Updated
  • 2024-08-04 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-285: Improper Authorization
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Ens.domains
Search vendor "Ens.domains"
 Ethereum Name Service
Search vendor "Ens.domains" for product "Ethereum Name Service"
 <= 0.1.0
Search vendor "Ens.domains" for product "Ethereum Name Service" and version " <= 0.1.0"
-
Affected