Description
In Bitcoin Knots v0.11.0.ljr20150711 through v0.13.0.knots20160814 (fixed in v0.13.1.knots20161027), the debug console stores sensitive information including private keys and the wallet passphrase in its persistent command history.
References (3)
Core 3
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/94235
Mitigation, Third Party Advisory x_refsource_confirm
https://bitcointalk.org/index.php?topic=1618462.0
Patch, Vendor Advisory x_refsource_confirm
https://github.com/bitcoinknots/bitcoin/blob/v0.13.1.knots20161027/doc/release-notes.md
Scores
CVSS v3
6.2
EPSS
0.0046
EPSS Percentile
36.7%
Attack Vector
LOCAL
CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-200
CWE-310
Status
published
Products (7)
bitcoin_knots_project/bitcoin_knots
0.11.0 (4 CPE variants)
bitcoin_knots_project/bitcoin_knots
0.11.1 (3 CPE variants)
bitcoin_knots_project/bitcoin_knots
0.11.2 (2 CPE variants)
bitcoin_knots_project/bitcoin_knots
0.12.0 (6 CPE variants)
bitcoin_knots_project/bitcoin_knots
0.12.0.knots20160226 rc1
bitcoin_knots_project/bitcoin_knots
0.12.1.knots20160629 rc2
bitcoin_knots_project/bitcoin_knots
0.13.0.knots20160814
Published
Oct 28, 2016
Tracked Since
Feb 18, 2026