Bitcoin Core 0.12.0 up to and including 0.17.1 and Bitcoin Knots 0.12.0 up to and including 0.17.x prior to 0.17.1.knots20181229 have Incorrect Access Control. Local users can exploit this to steal currency by binding the RPC IPv4 localhost port, and forwarding requests to the IPv6 localhost port.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
bitcoinknots bitcoin knots |
||
bitcoin bitcoin core |