4 matches found
CVE-2024-23660
The Binance Trust Wallet app for iOS in commit 3cd6e8f647fbba8b5d8844fcd144365a086b629f, git tag 0.0.4 misuses the trezor-crypto library and consequently generates mnemonic words for which the device time is the only entropy source, leading to economic losses, as exploited in the wild in July 202...
CVE-2024-23660
creationtimestamp| type| source ---|---|--- 2024-02-08 21:31:56+00:00| seen| https://t.me/ctinow/181641 2024-02-15 19:17:08+00:00| seen| https://t.me/ctinow/185797 2024-02-15 20:16:27+00:00| seen| https://t.me/BitLenta/25052 2024-02-15 21:31:24+00:00| published-proof-of-concept|...
VulnCheck KEV: CVE-2024-23660
The Binance Trust Wallet app for iOS in commit 3cd6e8f647fbba8b5d8844fcd144365a086b629f, git tag 0.0.4 misuses the trezor-crypto library and consequently generates mnemonic words for which the device time is the only entropy source, leading to economic losses, as exploited in the wild in July...
CVE-2024-23660
The CVE-2024-23660 entry concerns Binance Trust Wallet for iOS (version 0.0.4). The root cause is misuse of the trezor-crypto library, causing mnemonic words to be generated with device time as the sole entropy source. This leads to predictable mnemonics and potential theft of funds, with real-wo...