Description
An issue was discovered in NiceHash Miner before 2.0.3.0. Missing Authorization allows an adversary to can gain access to a miner's information about such as his recent payments, unclaimed Balance, Old Balance (at the time of December 2017 breach) , Projected payout, Mining stats like profitability, Efficiency, Number of workers, etc.. A valid Email address is required in order to retrieve this Information.
References (2)
Core 2
Core References
Exploit, Third Party Advisory x_refsource_misc
https://docs.google.com/document/d/1OubhuTRzuTMnkZ9SCFb8BtJVbTu840wDxyWu3VWHwvs/edit
Exploit, Third Party Advisory x_refsource_misc
https://cyberworldmirror.com/nicehash-vulnerability-leaked-miners-information/
Scores
CVSS v3
3.7
EPSS
0.0104
EPSS Percentile
59.9%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
Details
CWE
CWE-862
Status
published
Products (1)
nicehash/miner
< 2.0.3.0
Published
Nov 06, 2019
Tracked Since
Feb 18, 2026