CVE-2020-5232 HIGH

CVE-2020-5232: Ethereum Name Service - Malicious takeover of previously owned ENS names

Vendor Ensdomains

Product @ensdomains/ens

Weakness CWE-285

Published January 30, 2020

Last update August 4, 2024

View on NVD All CVEs

CVSS base score

8.7/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction Required

Confidentiality High

Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N

What the vulnerability does

01Description

A user who owns an ENS domain can set a trapdoor, allowing them to transfer ownership to another user, and later regain ownership without the new owners consent or awareness. A new ENS deployment is being rolled out that fixes this vulnerability in the ENS registry.

Key dates

02Disclosure timeline

January 30, 2020 CVE published

August 4, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2020-5232 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/285.html

Related vulnerabilities

CVE-2020-5232: Ethereum Name Service - Malicious takeover of previously owned ENS names

01Description

02Disclosure timeline

03References

04Related CVE