Vulnerability in Monero wallet makes theft possible.

in #security, 8 years ago


Users who have a wallet for the cryptocoin Monero need to watch out. There is a vulnerability in the wallet.

The issue is a flaw that can be exploited remotely (when you visit a website) to steal your coins.
So in fact it is a Cross-Site Request Forgery issue. This means an attacker can perform actions on your behalf.

In this case the RPC web service does not explicitly require authentication for payments.

This issue was already known on 6 Sept. MWR Labs did contact the developer. A hotfix was deployed on 19 Sept., but it is not applied by default. The user also had to enable it!

More info
Source (Dutch): https://www.security.nl/posting/486228/Gat+in+digitale+portemonnee+Monero+maakt+diefstal+mogelijk

And the comment from Monero:
https://getmonero.org/2016/09/21/a-statement-on-the-mwr-labs-disclosure.html
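
The gap described in the post, next to one way a local RPC service can close it, as an added example that is not code from Monero or MWR Labs. The credentials, the origin and the sample header sets are constructed, and the function names are hypothetical.

```python
import base64
import hmac

# Constructed credentials for this sketch only.
RPC_USER, RPC_PASSWORD = "wallet", "constructed-example-secret"

def has_valid_basic_auth(headers):
    """True if the (lower-cased) headers carry the expected HTTP Basic credentials."""
    scheme, _, token = headers.get("authorization", "").partition(" ")
    if scheme.lower() != "basic":
        return False
    try:
        supplied = base64.b64decode(token, validate=True)
    except ValueError:
        return False
    return hmac.compare_digest(supplied, f"{RPC_USER}:{RPC_PASSWORD}".encode())

def accept_unauthenticated(headers):
    """Behaviour the post describes: the service does not demand authentication."""
    return True

def accept_hardened(headers):
    """Demand credentials and refuse requests that a web page could have triggered."""
    headers = {k.lower(): v for k, v in headers.items()}
    # Browsers attach Origin to cross-site POSTs; a local RPC client does not.
    if "origin" in headers:
        return False
    # A cross-site form can only send a few "simple" content types unprompted,
    # and application/json is not one of them.
    if headers.get("content-type", "").split(";")[0].strip() != "application/json":
        return False
    return has_valid_basic_auth(headers)

# Constructed sample requests (headers only).
_GOOD = "Basic " + base64.b64encode(f"{RPC_USER}:{RPC_PASSWORD}".encode()).decode()
SAMPLES = {
    "cross_site_form": {"Origin": "https://attacker.example", "Content-Type": "text/plain"},
    "local_no_creds": {"Content-Type": "application/json"},
    "local_with_creds": {"Content-Type": "application/json", "Authorization": _GOOD},
}

def evaluate():
    """Map each sample to (accepted without auth check, accepted when hardened)."""
    return {n: (accept_unauthenticated(h), accept_hardened(h)) for n, h in SAMPLES.items()}
```

Only the request from the local client with credentials passes the hardened check; the unauthenticated variant accepts all three, including the one a visited web page could cause the browser to send.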


okay thanks for the heads up

It is so easy to make a mistake on those wallets...

This has been patched. Also, nobody lost coins due to this because normal users do not enable RPC. Also, admins who enable RPC to run specific services don't typically surf the internet with a browser and their wallet enabled.
