PT-2019-14488 · Bitcoin+1 · Bitcoin Core+1

Oxagast

Published

2019-08-04

Updated

2022-05-03

CVE-2019-15947

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions Bitcoin Core version 0.18.0

Description The issue concerns the storage of wallet.dat data in memory by bitcoin-qt. When the program crashes, it may create a core file that contains unencrypted wallet data. If this core file is not handled properly, an attacker could potentially reconstruct the wallet.dat file, including private keys, by using a specific command.

Recommendations For Bitcoin Core version 0.18.0, consider updating to a newer version that addresses this issue, as storing sensitive data unencrypted in memory poses a significant risk. Additionally, handle core files with care to prevent unauthorized access, and avoid using commands that could expose sensitive information, such as private keys.

Fix

Cleartext Storage of Sensitive Information

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-312

Related Identifiers

ALT-PU-2019-2361

ALT-PU-2019-3097

CVE-2019-15947

MGASA-2020-0458

Affected Products

Alt Linux

Bitcoin Core

PT-2019-14488 · Bitcoin+1 · Bitcoin Core+1

CVE-2019-15947

Weakness Enumeration

Related Identifiers

Affected Products

References · 10