[Security advisory] New attack from malicious remote nodes

tevador
0
0

There is a vulnerability in Monero wallets that can be exploited by a malicious remote node. The vulnerability has a CVSS score of 6.5 (medium severity). The impact of the exploit is more than just privacy loss, but the attacker cannot steal Monero from your wallet.

I recommend to stop using 3rd party remote nodes immediately. Run your own node instead. If you can't avoid using a 3rd party node, make sure you trust the node operator.

This vulnerability was reported in January on HackerOne. Unfortunately, there is no easy way to fix it. Due to the limited impact of the exploit, the Monero team has decided not to provide a patch. Full details of the vulnerability will be disclosed soon.

Related news

06 June 2023
OpenHWW update: No more Ledger, Atomic heart bleeding. Monero Official CLI, Monero Feather wallets, as well as Bitcoin Electrum wallet, all can work through Tor/Tor Browser (new screenshots added)
Ultimately secure replacement of hardware, software wallets for all the cryptocurrencies and digital assets. No more Ledger, Atomic heart bleeding
Monero
minexmr2.com
06 June 2023
US SEC Sues Binance, CEO Zhao For Flouting Securities Laws
The U.S. SEC has charged Binance and its CEO Changpeng Zhao with several violations including operating an unregistered securities exchange.
Monero
thetechee.com
05 June 2023
Monero mobile wallet Monerujo updated with a PocketChange feature that changes the user experience, reducing or eliminating the long waiting times between spends.
PocketChange is the latest feature to be added to the mobile Monero wallet Monerujo. In a nutshell, when it’s enabled Monerujo creates extra change transactions when you spend, so you have always…
Monero
anhdres.medium.com
03 June 2023
Tor 0.4.8.1-alpha released, featuring Proof-of-Work for Onion Services
Where to Download Tarballs Gitlab Repository Bug Report Changes Below are the major changes of the released versions and links to more detailed release notes. Alpha There are two major features in this very first a…
Monero
forum.torproject.net
Copyright © 2023 - All right reserved