Monthly Archives: October 2019

[CVE-2019-18635] Moolticute: a NULL-pointer dereference

I started ticking differently after taking on the Corelan Advanced Win32 Exploit Development training last month at BruCON 0x0B. I am very delighted and excited about that, and looking forward to putting the new experience to more practical use. A NULL-pointer dereference According to Wikipedia¹: The program can potentially dereference a null pointer, thereby raising […]

[CVE-2019-12967] Moolticute: Improper Access Control

Mooltipass is a hardware-based password manager that is simple to use and provides an added layer of security (say no more to passwords-reuse). The passwords that are stored on the device are encrypted with AES-256, where the encryption key is stored on an external card, that works as a 2FA-token. The key on the card […]