CVE-2016-8889

MEDIUM

Bitcoin Knots <0.13.0 - Info Disclosure

Title source: llm
STIX 2.1

Description

In Bitcoin Knots v0.11.0.ljr20150711 through v0.13.0.knots20160814 (fixed in v0.13.1.knots20161027), the debug console stores sensitive information including private keys and the wallet passphrase in its persistent command history.

References (3)

Core 3
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/94235
Mitigation, Third Party Advisory x_refsource_confirm
https://bitcointalk.org/index.php?topic=1618462.0

Scores

CVSS v3 6.2
EPSS 0.0046
EPSS Percentile 36.7%
Attack Vector LOCAL
CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

CWE
CWE-200 CWE-310
Status published
Products (7)
bitcoin_knots_project/bitcoin_knots 0.11.0 (4 CPE variants)
bitcoin_knots_project/bitcoin_knots 0.11.1 (3 CPE variants)
bitcoin_knots_project/bitcoin_knots 0.11.2 (2 CPE variants)
bitcoin_knots_project/bitcoin_knots 0.12.0 (6 CPE variants)
bitcoin_knots_project/bitcoin_knots 0.12.0.knots20160226 rc1
bitcoin_knots_project/bitcoin_knots 0.12.1.knots20160629 rc2
bitcoin_knots_project/bitcoin_knots 0.13.0.knots20160814
Published Oct 28, 2016
Tracked Since Feb 18, 2026