Loading HuntDB...
Hunt
Vulnerability Intelligence by wss.sh
Home Daily Briefings High Impact CVEs Recent Exploits KEV Catalog GitHub Advisories Latest Updates Security News
Sign In Sign Up

GHSA-779w-xvpm-78jx

GitHub Security Advisory

twitch-tui's connection is not encrypted

✓ GitHub Reviewed HIGH Has CVE
View on GitHub

Advisory Details

### Summary
The connection is not using TLS for communication

### Details
In the configuration of the irc connection, [you are disabling tls](https://github.com/Xithrius/twitch-tui/blob/340afc3c8c07a83289fe6ef614aa7563c8b70756/src/twitch/connection.rs#L23) which makes all communication to twitch irc servers unencrypted.

### PoC
You can verify by using tcpdump/wireshark that traffic is unencrypted.

### Impact
Communication can be sniffed, even auth tokens.

Affected Packages

crates.io twitch-tui
Affected versions: 0 (fixed in 2.4.1)

Related CVEs

CVE-2023-38688

Key Information

GHSA ID
GHSA-779w-xvpm-78jx
Published
July 31, 2023 10:02 PM
Last Modified
August 4, 2023 6:41 PM
CVSS Score
7.5 /10
Primary Ecosystem
crates.io
Primary Package
twitch-tui
GitHub Reviewed
✓ Yes

Dataset

Last updated: July 30, 2025 6:36 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.