When a new node (J) joins the blockchain, say by joining an existing node (X), it provides its own address (A) and certificate (C) to the node X, and authenticates with a joining token (T).
Node X doesn't validate whether the new node is effectively reachable at the address A, it is thus possible for J to submit an invalid (or malicious) certificate C for an address A matching that of existing nodes. This new certificate then gets broadcast by the node X to all other joined nodes (and promptly accepted by them).
Thus, node J can effectively carry out a denial-of-service attack against any existing (joined) node by replacing its certificate.
If node J also gains control of the network, this can lead to a MITM attack.
Furthermore, joining tokens can be reused multiple times, which entails that this attack can be carried out against multiple nodes at once.
When a new node (J) joins the blockchain, say by joining an existing node (X), it provides its own address (A) and certificate (C) to the node X, and authenticates with a joining token (T).
Node X doesn't validate whether the new node is effectively reachable at the address A, it is thus possible for J to submit an invalid (or malicious) certificate C for an address A matching that of existing nodes. This new certificate then gets broadcast by the node X to all other joined nodes (and promptly accepted by them).
Thus, node J can effectively carry out a denial-of-service attack against any existing (joined) node by replacing its certificate.
If node J also gains control of the network, this can lead to a MITM attack.
Furthermore, joining tokens can be reused multiple times, which entails that this attack can be carried out against multiple nodes at once.