PT-2018-9272 · Cryptonote · Cryptonote

Ayrx · Published 2018-03-13 · Updated 2018-04-05 · CVE-2018-1000093

CVSS v3.1: 8.8 (High)

Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: CryptoNote versions 0.8.9 and possibly later
Description: The issue allows for remote command execution and takeover of the cryptocurrency wallet. This can occur when an attacker tricks an application, such as a web browser, into connecting and sending a command to the local RPC server, which does not require authentication. The walletd and simplewallet RPC daemons will process any commands sent to them. An attack can be triggered by a victim visiting a webpage hosting malicious content.
Recommendations: For CryptoNote version 0.8.9 and possibly later, consider disabling the local RPC server or implementing authentication to prevent unauthorized access until a patch is available. Restrict access to the walletd and simplewallet RPC daemons to minimize the risk of exploitation. Avoid using the wallet on systems that can be tricked into connecting to malicious servers.

Exploit

Fix

CSRF

Weakness Enumeration

Related Identifiers

CVE-2018-1000093

Affected Products

Cryptonote