QwikSec

Security Database

CVE

CWE

Training

CVE-2018-1000022

Published: Feb 9, 2018

Modified: Aug 5, 2024

PUBLISHED

Description

Electrum Technologies GmbH Electrum Bitcoin Wallet version prior to version 3.0.5 contains a Missing Authorization vulnerability in JSONRPC interface that can result in Bitcoin theft, if the user's wallet is not password protected. This attack appear to be exploitable via The victim must visit a web page with specially crafted javascript. This vulnerability appears to have been fixed in 3.0.5.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://www.reddit.com/r/Bitcoin/comments/7ooack/critical_electrum_vulnerability/

x_refsource_MISC

https://github.com/spesmilo/electrum/issues/3374

x_refsource_CONFIRM

https://electrum.org/#home

x_refsource_MISC

https://bitcointalk.org/index.php?topic=2702103.0

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.