Authorization

2023-03-0400:15:00

PRIOn knowledge base

www.prio-n.com

samourai wallet

pin entry

sensitive information

data decryption

brute force

insufficient pin

5.2 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.0%

JSON

An issue discovered in com.samourai.wallet.PinEntryActivity.java in Streetside Samourai Wallet 0.99.96i allows attackers to view sensitive information and decrypt data via a brute force attack that uses a recovered samourai.dat file. The PIN is 5 to 8 digits, which may be insufficient in this situation.

CPENameOperatorVersion
samourai-wallet-androideq0.99.96105

CPE	Name	Operator	Version
	samourai-wallet-android	eq	0.99.96105

References

code.samourai.io/wallet/samourai-wallet-android/-/blob/develop/app/src/main/java/com/samourai/wallet/PinEntryActivity.java

vrls.ws/posts/2021/08/samourai-wallet-bitcoin-pin-authentication-bypass-crypto/