PT-2019-17963 · Nicehash · Nicehash Miner

Ashutosh Barot · Published 2019-11-06 · Updated 2020-08-24 · CVE-2019-6120

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions

NiceHash Miner versions prior to 2.0.3.0

Description

A missing rate limit in the process of adding a wallet via email address allows remote attackers to submit a large number of email addresses, potentially identifying valid ones. This issue can be exploited in conjunction with a username enumeration technique to enumerate a large number of valid users' email addresses.

Recommendations

For versions prior to 2.0.3.0, update to version 2.0.3.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the wallet addition feature via email address to minimize the risk of exploitation.
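
A per-client sliding-window limit on the add-wallet-by-email request, shown as an added example that is not NiceHash code. The handler, its 200/404 replies, the client identifier (an IP address here) and the thresholds are all assumptions made for illustration.

```python
from collections import defaultdict, deque
import time


class WalletEmailLimiter:
    """Sliding-window cap on add-wallet-by-email attempts per client."""

    def __init__(self, max_attempts=5, window_s=600.0):
        self.max_attempts = max_attempts
        self.window_s = window_s
        self._attempts = defaultdict(deque)  # client id -> attempt times

    def allow(self, client_id, now=None):
        now = time.monotonic() if now is None else now
        q = self._attempts[client_id]
        while q and now - q[0] >= self.window_s:  # drop expired attempts
            q.popleft()
        if len(q) >= self.max_attempts:
            return False
        q.append(now)  # every lookup counts, whether the address exists or not
        return True


def add_wallet_by_email(limiter, known_emails, client_id, email, now=None):
    """Hypothetical handler: the limiter runs before the address is checked."""
    if not limiter.allow(client_id, now):
        return 429, "too many attempts"
    if email.lower() in known_emails:
        return 200, "wallet added"
    return 404, "unknown address"  # assumed reply that reveals validity


def simulate_bulk_submission(limiter, known_emails, candidates, client_id):
    """Replay one client sending one candidate per second; count lookups served."""
    served = 0
    for second, email in enumerate(candidates):
        status, _ = add_wallet_by_email(
            limiter, known_emails, client_id, email, now=float(second))
        served += status != 429
    return served


if __name__ == "__main__":
    # Constructed sample data, not taken from the advisory.
    known = {"user3@example.test"}
    candidates = [f"user{i}@example.test" for i in range(1000)]
    limiter = WalletEmailLimiter(max_attempts=5, window_s=600.0)
    served = simulate_bulk_submission(limiter, known, candidates, "203.0.113.7")
    print(f"{served} of {len(candidates)} lookups reached the address check")
```

A limit keyed only on the source address can be spread across many sources, so a deployment would normally pair it with a global or per-account cap.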

Exploit

Fix

Allocation of Resources Without Limits

Weakness Enumeration

Related Identifiers

CVE-2019-6120

Affected Products

Nicehash Miner