PT-2016-7608 · Bitcoin Knots · Bitcoin Knots

Published

2016-10-28

Updated

2016-11-29

CVE-2016-8889

CVSS v3.1

6.2

Medium

Vector

AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions Bitcoin Knots versions 0.11.0.ljr20150711 through 0.13.0.knots20160814

Description The debug console in the affected versions stores sensitive information, including private keys and the wallet passphrase, in its persistent command history.

Recommendations For versions 0.11.0.ljr20150711 through 0.13.0.knots20160814, update to version 0.13.1.knots20161027 or later to resolve the issue. As a temporary workaround, consider clearing the command history in the debug console to minimize the risk of exposing sensitive information.

Fix

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-200CWE-310

Related Identifiers

CVE-2016-8889

Affected Products

Bitcoin Knots

PT-2016-7608 · Bitcoin Knots · Bitcoin Knots

CVE-2016-8889

Weakness Enumeration

Related Identifiers

Affected Products

References · 5