PT-2018-9575 · Bitpay · Copay Bitcoin Wallet

Fallingsnow

Published

2018-12-20

Updated

2020-08-24

CVE-2018-1000851

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Copay Bitcoin Wallet versions 5.01 through 5.1.0

Description The issue concerns the storage of wallet private keys, which can be compromised. This can occur when the affected version runs malicious code at startup. It is estimated that a significant number of users may be affected, although the exact number is not specified. The vulnerability appears to have been addressed in version 5.2.0 and later.

Recommendations For Copay Bitcoin Wallet versions 5.01 through 5.1.0, update to version 5.2.0 or later to resolve the issue.

Exploit

Fix

Insufficiently Protected Credentials

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-522

Related Identifiers

CVE-2018-1000851

Affected Products

Copay Bitcoin Wallet

PT-2018-9575 · Bitpay · Copay Bitcoin Wallet

CVE-2018-1000851

Weakness Enumeration

Related Identifiers

Affected Products

References · 6