Vulnerability Details CVE-2016-8889
In Bitcoin Knots v0.11.0.ljr20150711 through v0.13.0.knots20160814 (fixed in v0.13.1.knots20161027), the debug console stores sensitive information including private keys and the wallet passphrase in its persistent command history.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 25.8%
CVSS Severity
CVSS v3 Score 6.2
CVSS v2 Score 2.1
References
- http://www.securityfocus.com/bid/94235
- https://bitcointalk.org/index.php?topic=1618462.0
- https://github.com/bitcoinknots/bitcoin/blob/v0.13.1.knots20161027/doc/release-notes.md
- http://www.securityfocus.com/bid/94235
- https://bitcointalk.org/index.php?topic=1618462.0
- https://github.com/bitcoinknots/bitcoin/blob/v0.13.1.knots20161027/doc/release-notes.md
Products affected by CVE-2016-8889
-
cpe:2.3:a:bitcoin_knots_project:bitcoin_knots:0.11.0
-
cpe:2.3:a:bitcoin_knots_project:bitcoin_knots:0.11.1
-
cpe:2.3:a:bitcoin_knots_project:bitcoin_knots:0.11.2
-
cpe:2.3:a:bitcoin_knots_project:bitcoin_knots:0.12.0
-
cpe:2.3:a:bitcoin_knots_project:bitcoin_knots:0.12.0.knots20160226
-
cpe:2.3:a:bitcoin_knots_project:bitcoin_knots:0.12.1.knots20160629
-
cpe:2.3:a:bitcoin_knots_project:bitcoin_knots:0.13.0.knots20160814