CVE-2018-1000022

Sažetak

Electrum Technologies GmbH Electrum Bitcoin Wallet version prior to version 3.0.5 contains a Missing Authorization vulnerability in JSONRPC interface that can result in Bitcoin theft, if the user's wallet is not password protected. This attack appear to be exploitable via The victim must visit a web page with specially crafted javascript. This vulnerability appears to have been fixed in 3.0.5.

Reference

https://bitcointalk.org/index.php?topic=2702103.0
https://electrum.org/#home
https://github.com/spesmilo/electrum/issues/3374
https://www.reddit.com/r/Bitcoin/comments/7ooack/critical_electrum_vulnerability/

CVSS

Base:	2.6
Impact:	2.9
Exploitability:	4.9

Pristup

Vektor	Složenost	Autentikacija
NETWORK	HIGH	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	NONE	NONE

CVSS vektor

AV:N/AC:H/Au:N/C:P/I:N/A:N

Zadnje važnije ažuriranje

03-10-2019 - 00:03

Objavljeno

09-02-2018 - 23:29