CVE-2018-1000022
MEDIUMElectrum Bitcoin Wallet <3.0.5 - Missing Authorization
Title source: llmDescription
Electrum Technologies GmbH Electrum Bitcoin Wallet version prior to version 3.0.5 contains a Missing Authorization vulnerability in JSONRPC interface that can result in Bitcoin theft, if the user's wallet is not password protected. This attack appear to be exploitable via The victim must visit a web page with specially crafted javascript. This vulnerability appears to have been fixed in 3.0.5.
References (4)
Core 4
Core References
Third Party Advisory x_refsource_misc
https://www.reddit.com/r/Bitcoin/comments/7ooack/critical_electrum_vulnerability/
Third Party Advisory x_refsource_confirm
https://github.com/spesmilo/electrum/issues/3374
Product x_refsource_misc
https://electrum.org/#home
Third Party Advisory x_refsource_misc
https://bitcointalk.org/index.php?topic=2702103.0
Scores
CVSS v3
5.3
EPSS
0.0177
EPSS Percentile
75.5%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
Details
CWE
CWE-862
Status
published
Products (1)
electrum/bitcoin_wallet
< 3.0.5
Published
Feb 09, 2018
Tracked Since
Feb 18, 2026