Insecure Wallet Encryption in wxBitcoin and bitcoind by Bitcoin
CVE-2011-4447

Currently unrated

Key Information:

Vendor: Bitcoin
Status: Wxbitcoin; Bitcoin Core
Vendor: CVE Published:; 6 August 2012

What is CVE-2011-4447?

The 'encrypt wallet' functionality in wxBitcoin and bitcoind versions 0.4.x prior to 0.4.1 and 0.5.0rc is vulnerable due to improper interaction with BSDDB's deletion processes. This flaw allows attackers to access sensitive unencrypted private keys from wallet files by circumventing the intended BSDDB interface, particularly exploiting entries that are marked for deletion. As a result, ensuring proper wallet encryption mechanisms is crucial for maintaining the security of Bitcoin assets.

References

https://bitcointalk.org/index.php?topic=51604.0

x_refsource_CONFIRM

https://en.bitcoin.it/wiki/CVEs

x_refsource_CONFIRM

https://bitcointalk.org/index.php?topic=51474.0

x_refsource_CONFIRM

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability Reserved
Oct 3, 2022
Vulnerability published
Aug 6, 2012