CVE-2013-10006

Name of the Vulnerable Software and Affected Versions Ziftr primecoin versions up to 0.8.4rc1

Description A vulnerability was found in the function HTTPAuthorized of the file src/bitcoinrpc.cpp. The manipulation of the argument strUserPass/strRPCUserColonPass leads to observable timing discrepancy. The complexity of an attack is rather high, and the exploitation appears to be difficult.

Recommendations For Ziftr primecoin versions up to 0.8.4rc1, upgrade to version 0.8.4rc2 to address this issue. As a temporary workaround, consider restricting access to the HTTPAuthorized function until the patch is applied.