A flawed protocol design in the Ledger Monero app before 1.5.1 for Ledger Nano and Ledger S devices allows a local attacker to extract the master spending key by sending crafted messages to this app selected on a PIN-entered Ledger connected to a host PC.
References
| Link | Resource |
|---|---|
| https://deadcode.me/blog/2020/04/25/Ledger-Monero-app-spend-key-extraction.html | Exploit, Third Party Advisory |
| https://donjon.ledger.com/lsb/008/ | Exploit, Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2020-05-06T13:15:31
Updated: 2020-05-06T13:15:31
Reserved: 2020-01-13T00:00:00
Link: CVE-2020-6861
NVD Information
Status: Analyzed
Published: 2020-05-06T14:15:11.083
Modified: 2021-07-21T11:39:23.747
Link: CVE-2020-6861
Redhat Information
No data.
CWE