Critical vulnerability fixed in Electrum wallet that allowed sites to steal bitcoins

On the evening of January 6, a critical vulnerability was discovered in the «lightweight» bitcoin wallet Electrum that allowed access to the wallet via JavaScript. Malicious sites could therefore steal users' bitcoins when a user visited them, if the Electrum wallet was running at the time.

A hacker or malicious site could connect to the wallet through its default JSON RPC interface and pass it arbitrary console commands, including key export.

Wallets without a password are most at risk. A wallet encrypted with a sufficiently complex password is relatively safe, provided the owner does not make transactions or perform other actions that leave the wallet unprotected for a short time.

The vulnerability also affects copies of Electrum, for example Electron Cash.

The vulnerability was partially fixed in version 3.0.4, which became available on the Electrum website on January 7. On the night of January 8, version 3.05 was published; it fixes the vulnerability more reliably by disabling the JSON RPC interface when the GUI wallet is running, and by protecting the interface with a password by default.

All users of this wallet need to install the fix before continuing to use the wallet.
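
One way a localhost JSON RPC service can enforce the password protection described above and refuse requests that come from a web page, shown as an added example that is not Electrum's code. The function names, the `user` account name and the status codes returned are assumptions made for this illustration.

```python
import base64
import hmac
import secrets


def new_rpc_password():
    # Random per-install secret, so the interface is never left unprotected.
    return secrets.token_urlsafe(16)


def basic_auth_header(user, password):
    # What a legitimate local client sends with every call.
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    return "Basic " + token


def check_rpc_request(method, headers, rpc_user, rpc_password):
    """Return the HTTP status a localhost JSON-RPC service should answer with.

    `headers` maps lower-cased header names to values.
    """
    # Never approve a CORS preflight: without approval the browser will not
    # send a cross-origin request that carries JSON or an Authorization header.
    if method == "OPTIONS":
        return 403
    # Cross-origin fetch/XHR calls from a web page carry Origin; local tools do not.
    if "origin" in headers:
        return 403
    # Pages can send text/plain or form bodies without a preflight; JSON they cannot.
    ctype = headers.get("content-type", "").split(";")[0].strip().lower()
    if ctype != "application/json":
        return 415
    scheme, _, token = headers.get("authorization", "").partition(" ")
    if scheme.lower() != "basic" or not token:
        return 401
    try:
        decoded = base64.b64decode(token, validate=True).decode("utf-8")
    except ValueError:  # covers malformed base64 and invalid UTF-8
        return 401
    user, sep, password = decoded.partition(":")
    if not sep:
        return 401
    # Constant-time comparison of both fields.
    ok_user = hmac.compare_digest(user.encode(), rpc_user.encode())
    ok_pass = hmac.compare_digest(password.encode(), rpc_password.encode())
    return 200 if ok_user and ok_pass else 401
```

The password check is the primary control; the Origin, preflight and content-type checks are additional layers that stop a browser page from reaching the command dispatcher at all.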
