PT-2023-9995 · Ziftr · Ziftr Primecoin

Published 2023-01-01 · Updated 2024-05-17 · CVE-2013-10006

CVSS v2.0: 1.4 Low

Vector: AV:A/AC:H/Au:S/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Ziftr primecoin versions up to 0.8.4rc1

Description

A vulnerability was found in the function HTTPAuthorized of the file src/bitcoinrpc.cpp. The manipulation of the argument strUserPass/strRPCUserColonPass leads to an observable timing discrepancy. The complexity of an attack is rather high, and the exploitation appears to be difficult.

Recommendations

For Ziftr primecoin versions up to 0.8.4rc1, upgrade to version 0.8.4rc2 to address this issue. As a temporary workaround, consider restricting access to the HTTPAuthorized function until the patch is applied.
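
How a credential comparison that stops at the first mismatching byte produces a timing discrepancy, next to a constant-time replacement. This is an added example, not code from Ziftr Primecoin or from its fix; the function names, the `steps` counter (a deterministic stand-in for elapsed time) and the sample credential are assumptions constructed for illustration.

```cpp
#include <cstddef>
#include <iostream>
#include <string>

// Early-exit comparison: returns at the first mismatching byte, so the work
// done grows with the length of the correct prefix the caller supplied.
bool early_exit_equal(const std::string& supplied, const std::string& expected,
                      std::size_t& steps) {
    steps = 0;
    if (supplied.size() != expected.size()) return false;
    for (std::size_t i = 0; i < supplied.size(); ++i) {
        ++steps;
        if (supplied[i] != expected[i]) return false;
    }
    return true;
}

// Hardened comparison (hypothetical helper): every byte of `supplied` is
// examined and differences are OR-ed into an accumulator, so the work done
// depends only on the length of the caller's own input, not on the secret.
bool constant_time_equal(const std::string& supplied, const std::string& expected,
                         std::size_t& steps) {
    steps = 0;
    if (expected.empty()) return supplied.empty();
    std::size_t diff = supplied.size() ^ expected.size();
    for (std::size_t i = 0; i < supplied.size(); ++i) {
        ++steps;
        diff |= static_cast<unsigned char>(supplied[i]) ^
                static_cast<unsigned char>(expected[i % expected.size()]);
    }
    return diff == 0;
}

int main() {
    const std::string secret = "rpcuser:constructed-secret";  // constructed sample
    const std::string guesses[] = {"xpcuser:constructed-secret",   // wrong first byte
                                   "rpcuser:constructed-secreX"};  // wrong last byte
    for (const std::string& g : guesses) {
        std::size_t naive = 0, hardened = 0;
        early_exit_equal(g, secret, naive);
        constant_time_equal(g, secret, hardened);
        std::cout << g << "  early-exit steps=" << naive
                  << "  constant-time steps=" << hardened << "\n";
    }
    return 0;
}
```

The step counts differ between the two guesses for the early-exit version and are identical for the hardened one. In production code, prefer a vetted primitive such as OpenSSL's `CRYPTO_memcmp` over a hand-written loop, since compilers may optimize the latter.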

Fix

Side Channel Attack

Weakness Enumeration

Related Identifiers

CVE-2013-10006

Affected Products

Ziftr Primecoin