3 matches found
CVE-2018-1000022
CVE-2018-1000022 affects Electrum Bitcoin Wallet versions prior to 3.0.5, where a Missing Authorization vulnerability in the JSONRPC interface could lead to bitcoin theft if the wallet is not password protected. The issue is exploitable when a user visits a page with specially crafted JavaScript....
CVE-2018-1000022
Electrum Technologies GmbH Electrum Bitcoin Wallet version prior to version 3.0.5 contains a Missing Authorization vulnerability in JSONRPC interface that can result in Bitcoin theft, if the user's wallet is not password protected. This attack appear to be exploitable via The victim must visit a...
Code injection
The Python console in Electrum through 2.9.4 and 3.x through 3.0.5 supports arbitrary Python code without considering 1 social-engineering attacks in which a user pastes code that they do not understand and 2 code pasted by a physically proximate attacker at an unattended workstation, which makes...