Brute Force Vulnerability in Streetside Samourai Wallet by Samourai
CVE-2021-36689

5.5MEDIUM

Key Information:

Vendor: Samourai-wallet-android Project
Status: Samourai-wallet-android
Vendor: CVE Published:; 4 March 2023

Summary

In the Streetside Samourai Wallet version 0.99.96i, an issue occurs in the PinEntryActivity.java component which permits attackers to exploit the PIN verification mechanism. By leveraging a compromised samourai.dat file, an attacker can conduct brute force attempts on 5 to 8 digit PINs, potentially exposing sensitive user information. This vulnerability highlights the importance of stronger PIN configurations to prevent unauthorized access.

References

https://code.samourai.io/wallet/samourai-wallet-android/-...

https://vrls.ws/posts/2021/08/samourai-wallet-bitcoin-pin...

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Mar 4, 2023
Vulnerability Reserved
Jul 12, 2021