Vulnerabilities > CVE-2019-6121 - Missing Authorization vulnerability in Nicehash Miner
Attack vector
NETWORK Attack complexity
HIGH Privileges required
NONE Confidentiality impact
LOW Integrity impact
NONE Availability impact
NONE Summary
An issue was discovered in NiceHash Miner before 2.0.3.0. Missing Authorization allows an adversary to can gain access to a miner's information about such as his recent payments, unclaimed Balance, Old Balance (at the time of December 2017 breach) , Projected payout, Mining stats like profitability, Efficiency, Number of workers, etc.. A valid Email address is required in order to retrieve this Information.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
References
- https://cyberworldmirror.com/nicehash-vulnerability-leaked-miners-information/
- https://cyberworldmirror.com/nicehash-vulnerability-leaked-miners-information/
- https://docs.google.com/document/d/1OubhuTRzuTMnkZ9SCFb8BtJVbTu840wDxyWu3VWHwvs/edit
- https://docs.google.com/document/d/1OubhuTRzuTMnkZ9SCFb8BtJVbTu840wDxyWu3VWHwvs/edit