PT-2016-7608 · Bitcoin Knots · Bitcoin Knots

Publicado

2016-10-28

Atualizado

2016-11-29

CVE-2016-8889

CVSS v3.1

6.2

Média

Vetor

AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions Bitcoin Knots versions 0.11.0.ljr20150711 through 0.13.0.knots20160814

Description The debug console in the affected versions stores sensitive information, including private keys and the wallet passphrase, in its persistent command history.

Recommendations For versions 0.11.0.ljr20150711 through 0.13.0.knots20160814, update to version 0.13.1.knots20161027 or later to resolve the issue. As a temporary workaround, consider clearing the command history in the debug console to minimize the risk of exposing sensitive information.

Correção

Information Disclosure

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-200CWE-310

Identificadores relacionados

CVE-2016-8889

Produtos afetados

Bitcoin Knots

PT-2016-7608 · Bitcoin Knots · Bitcoin Knots

CVE-2016-8889

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 5