Monero Wallet Security Threat Fixed with the Latest Hotfix

Owing to its additional privacy and security features, Monero is notably giving Bitcoin a tough competition as a darknet currency. However, a recent security alert has indicated that even though Monero transactions are safe and secure, the wallets aren’t.

MWR Labs, a cybersecurity company, had released an advisory earlier this month stating the presence of a Cross Site request Forgery vulnerability. The vulnerability could potentially allow attackers to remotely steal Monero cryptocurrency from users who are using the compromised version of wallet. The list of vulnerable wallets included – Monero SimpleWallet, LightWallet, Wallet Chrome, GUI, Minonodo and other wallets for JS, NodeJS, and QT.

All these vulnerable wallets were known to host an RPC web service on the local host – port 10802 – which eliminated the need for user authentication during payment initiation. MWR Labs, in its advisory, also posted the code snippet that can be used to exploit the vulnerability. Here is what it looks like:


    form action= method=post enctype="text/plain" name="pay"   

        input name='{"jsonrpc":"2.0","id":"0","method":"transfer","params":{"destinations":[{"amount":100000000000,"address":"49FuXtv95dkZj5aDaoWkbjQRv9Qu6UMwAAJKP68vksbpRJEPNZfkr6Ecbj9wrqG4xHAiMArmpGsxRbkmxAC8NEydBEvc162"}],"fee":000000000000,"mixin":3,"unlock_time":0,"payment_id":"","get_tx_key":true}}' type='hidden'  





Since the issue was made public, the team behind Monero cryptocurrency have fixed the issue

Read more ... source: NewsBTC USA