CVE-2018-20587
Attack vector: LOCAL
Attack complexity: LOW
Privileges required: LOW
Confidentiality impact: NONE
Integrity impact: HIGH
Availability impact: NONE
Summary
Bitcoin Core 0.12.0 through 0.17.1 and Bitcoin Knots 0.12.0 through 0.17.x before 0.17.1.knots20181229 have Incorrect Access Control. Local users can exploit this to steal currency by binding the RPC IPv4 localhost port, and forwarding requests to the IPv6 localhost port.
References
- https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures#CVE-2018-20587
- https://medium.com/%40lukedashjr/cve-2018-20587-advisory-and-full-disclosure-a3105551e78b