Information Disclosure in Bitcoin Knots by Bitcoin
CVE-2016-8889

6.2MEDIUM

Key Information:

Vendor

Bitcoin Knots Project

Status
Bitcoin Knots
Vendor
CVE Published:
28 October 2016

What is CVE-2016-8889?

In several versions of Bitcoin Knots, sensitive information, including private keys and wallet passphrases, is recorded in the debug console's persistent command history. This can potentially expose critical user data to unauthorized access, compromising the security of users' Bitcoin wallets. The vulnerability was addressed in the subsequent release, emphasizing the need for users to update to v0.13.1.knots20161027 or later to safeguard their assets.

References

http://www.securityfocus.com/bid/94235
vdb-entryx_refsource_BID
https://bitcointalk.org/index.php?topic=1618462.0
x_refsource_CONFIRM
https://github.com/bitcoinknots/bitcoin/blob/v0.13.1.knot...
x_refsource_CONFIRM

CVSS V3.1

Score:
6.2
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.