Note:
This project will be discontinued after December 13, 2021. [more]
2020-06-16
I2P before 0.9.46 allows local users to gain privileges via a Trojan horse I2PSvc.exe file because of weak permissions on a certain %PROGRAMFILES% subdirectory.
| Products | I2p |
| Type | Incorrect Default Permissions (CWE-276) |
| First patch | - None (likely due to unavailable code) |
| Links |
• https://geti2p.net/en
• https://blog.blazeinfosec.com/security-advisory-i2p-for-windows-local-privilege-escalation/ |