profanity through 1.60 has only four billion possible RNG initializations. Thus, attackers can recover private keys from Ethereum vanity addresses and steal cryptocurrency, as exploited in the wild in June 2022.
References
Link | Resource |
---|---|
https://blog.1inch.io/a-vulnerability-disclosed-in-profanity-an-ethereum-vanity-address-tool-68ed7455fc8c | Third Party Advisory |
https://github.com/johguse/profanity | Third Party Advisory |
https://github.com/johguse/profanity/issues/61 | Issue Tracking Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2022-09-18T16:01:08
Updated: 2022-09-18T16:01:08
Reserved: 2022-09-18T00:00:00
Link: CVE-2022-40769
JSON object: View
NVD Information
Status : Analyzed
Published: 2022-09-18T17:15:09.667
Modified: 2022-09-21T14:33:02.350
Link: CVE-2022-40769
JSON object: View
Redhat Information
No data.
CWE