Zecwallet Lite Critical MITM Vulnerability

This issue, caused by turning off tls verification meant that any network level adversary could MITM the connection, intercept requests and distort consensus - a truly critical bug for a light wallet whose sole responsibility is not allowing network level adversaries to do those kind of things.

This isn't the only issue zecwallet lite, and I might find some time this weekend to dive into some of the others, but the existence of such an impactful bug, caused by such a trivial failure in security practice should raise concerns about using the app until it has been well vetted.

• log sec-research privacy-research