漏洞标题
Ziftr primecoin bitcoinrpc.cpp HTTPAuthorized 时间差异
漏洞描述信息
在Ziftr primecoin的0.8.4rc1版本中发现了一个被分类为有问题的漏洞。受影响的是src/bitcoinrpc.cpp文件中的HTTPAuthorized函数。操纵参数strUserPass/strRPCUserColonPass会导致可观察到的定时差异。攻击的复杂性相当高。利用这个漏洞似乎很困难。升级到版本0.8.4rc2可以解决这个问题。补丁的名称是cdb3441b5cd2c1bae49fae671dc4a496f7c96322。建议升级受影响的组件。该漏洞的相关标识符是VDB-217171。
CVSS信息
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
漏洞类别
N/A
漏洞标题
Ziftr primecoin bitcoinrpc.cpp HTTPAuthorized timing discrepancy
漏洞描述信息
A vulnerability classified as problematic was found in Ziftr primecoin up to 0.8.4rc1. Affected by this vulnerability is the function HTTPAuthorized of the file src/bitcoinrpc.cpp. The manipulation of the argument strUserPass/strRPCUserColonPass leads to observable timing discrepancy. The complexity of an attack is rather high. The exploitation appears to be difficult. Upgrading to version 0.8.4rc2 is able to address this issue. The patch is named cdb3441b5cd2c1bae49fae671dc4a496f7c96322. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-217171.
CVSS信息
CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
漏洞类别
通过时间差异性导致的信息暴露
漏洞标题
Primecoin 安全漏洞
漏洞描述信息
Primecoin是Ziftr开源的一种实验性加密货币。 Primecoin 0.8.4rc1版本及之前版本存在安全漏洞,该漏洞源于对参数strUserPass/strRPCUserColonPass的错误操作会导致明显的时间差异。
CVSS信息
N/A
漏洞类别
其他