In Bitcoin Knots v0.11.0.ljr20150711 through v0.13.0.knots20160814 (fixed in v0.13.1.knots20161027), the debug console stores sensitive information including private keys and the wallet passphrase in its persistent command history.
References
Link | Resource |
---|---|
http://www.securityfocus.com/bid/94235 | Third Party Advisory VDB Entry |
https://bitcointalk.org/index.php?topic=1618462.0 | Mitigation Third Party Advisory |
https://github.com/bitcoinknots/bitcoin/blob/v0.13.1.knots20161027/doc/release-notes.md | Patch Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2016-10-28T15:00:00
Updated: 2016-11-25T19:57:01
Reserved: 2016-10-23T00:00:00
Link: CVE-2016-8889
JSON object: View
NVD Information
Status : Analyzed
Published: 2016-10-28T15:59:16.780
Modified: 2016-11-29T19:16:12.827
Link: CVE-2016-8889
JSON object: View
Redhat Information
No data.