CVE-2021-36689

Опубликовано: 04 мар. 2023

Источник: nvd

CVSS3: 5.5

EPSS Низкий

Описание

An issue discovered in com.samourai.wallet.PinEntryActivity.java in Streetside Samourai Wallet 0.99.96i allows attackers to view sensitive information and decrypt data via a brute force attack that uses a recovered samourai.dat file. The PIN is 5 to 8 digits, which may be insufficient in this situation.

Ссылки

https://code.samourai.io/wallet/samourai-wallet-android/-/blob/develop/app/src/main/java/com/samourai/wallet/PinEntryActivity.java#L302
Third Party Advisory
https://vrls.ws/posts/2021/08/samourai-wallet-bitcoin-pin-authentication-bypass-crypto/
Exploit
Technical Description
Third Party Advisory
https://code.samourai.io/wallet/samourai-wallet-android/-/blob/develop/app/src/main/java/com/samourai/wallet/PinEntryActivity.java#L302
Third Party Advisory
https://vrls.ws/posts/2021/08/samourai-wallet-bitcoin-pin-authentication-bypass-crypto/
Exploit
Technical Description
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:samourai-wallet-android_project:samourai-wallet-android:0.99.96i:*:*:*:*:android:*:*

EPSS

Процентиль: 10%

0.00036

Низкий

5.5 Medium

CVSS3

Дефекты

CWE-521

Связанные уязвимости

GHSA-j77q-57r3-74g7