Описание
Soar Labs Soar Coin version up to and including git commit 4a2aa71ee21014e2880a3f7aad11091ed6ad434f (latest release as of Sept 2017) contains an intentional backdoor vulnerability in the function zero_fee_transaction() that can result in theft of Soar Coins by the "onlycentralAccount" (Soar Labs) after payment is processed.
Ссылки
- Third Party Advisory
- https://www.bankinfosecurity.com/exclusive-aussie-firm-loses-5m-to-backdoored-cryptocurrency-a-11057Press/Media CoverageThird Party Advisory
- Third Party Advisory
- https://www.bankinfosecurity.com/exclusive-aussie-firm-loses-5m-to-backdoored-cryptocurrency-a-11057Press/Media CoverageThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 4a2aa71ee21014e2880a3f7aad11091ed6ad434f (включая)
cpe:2.3:a:soarlabs:soarcoin:*:*:*:*:*:*:*:*
EPSS
Процентиль: 57%
0.00344
Низкий
7.5 High
CVSS3
5 Medium
CVSS2
Дефекты
NVD-CWE-noinfo
Связанные уязвимости
CVSS3: 7.5
github
больше 3 лет назад
Soar Labs Soar Coin version up to and including git commit 4a2aa71ee21014e2880a3f7aad11091ed6ad434f (latest release as of Sept 2017) contains an intentional backdoor vulnerability in the function zero_fee_transaction() that can result in theft of Soar Coins by the "onlycentralAccount" (Soar Labs) after payment is processed.
EPSS
Процентиль: 57%
0.00344
Низкий
7.5 High
CVSS3
5 Medium
CVSS2
Дефекты
NVD-CWE-noinfo