CVE-2016-8889

MEDIUM

Bitcoin Knots <0.13.0 - Info Disclosure

Title source: llm

Description

In Bitcoin Knots v0.11.0.ljr20150711 through v0.13.0.knots20160814 (fixed in v0.13.1.knots20161027), the debug console stores sensitive information including private keys and the wallet passphrase in its persistent command history.

References (3)

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/94235

[Mitigation, Third Party Advisory] https://bitcointalk.org/index.php?topic=1618462.0

[Patch, Vendor Advisory] https://github.com/bitcoinknots/bitcoin/blob/v0.13.1.knots20161027/doc/release-notes.md

View Patch ZIP pw:eip

Scores

CVSS v3 6.2

EPSS 0.0008

EPSS Percentile 24.6%

Attack Vector LOCAL

CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Classification

CWE

CWE-310 CWE-200

Status published

Affected Products (19)

bitcoin_knots_project/bitcoin_knots

... and 4 more

Timeline

Published Oct 28, 2016

Tracked Since Feb 18, 2026