TrustWalletCore contains weak encryption implementations. The vulnerability is in the seed generation for mt19937: the seed has only 32 bits of entropy, so only 4 billion distinct mnemonics can be generated, which allows an attacker to brute-force the private key.
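
The flaw described above, shown beside a hardened form; this is an added illustration, not code from wallet-core. The names `weak_entropy` and `strong_entropy`, the 16-byte buffer size and the use of `/dev/urandom` are assumptions made for the example.

```cpp
#include <array>
#include <cstdint>
#include <fstream>
#include <random>
#include <stdexcept>

using Entropy = std::array<uint8_t, 16>;  // 128 bits of wallet entropy (assumed size)

// Weak pattern (constructed): all 16 bytes are a pure function of one 32-bit
// seed, so at most 2^32 distinct buffers, and mnemonics, can ever come out.
Entropy weak_entropy(uint32_t seed32) {
    std::mt19937 rng(seed32);  // 19937 bits of state, filled from 32 bits
    Entropy out{};
    for (auto& b : out) b = static_cast<uint8_t>(rng() & 0xFF);
    return out;
}

// Hardened pattern: take every byte from the OS CSPRNG and fail closed.
// Assumes a POSIX system that exposes /dev/urandom.
Entropy strong_entropy() {
    std::ifstream urandom("/dev/urandom", std::ios::binary);
    Entropy out{};
    urandom.read(reinterpret_cast<char*>(out.data()),
                 static_cast<std::streamsize>(out.size()));
    if (!urandom || urandom.gcount() != static_cast<std::streamsize>(out.size()))
        throw std::runtime_error("CSPRNG read failed; refusing to fall back");
    return out;
}

int main() {
    // Same seed, same "random" wallet entropy: the generator adds no secrecy.
    bool repeat = weak_entropy(5489) == weak_entropy(5489);
    // Two CSPRNG reads are independent 128-bit values.
    bool fresh = strong_entropy() != strong_entropy();
    return (repeat && fresh) ? 0 : 1;
}
```

The output width does not matter: however many bytes are drawn from the generator, the secret is only as large as the seed that initialised it.
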
| CPE | Name | Operator | Version |
|---|---|---|---|
| | trustwalletcore | le | 3.1.0 |
| | @trustwallet/wallet-core | le | 3.1.0 |

blog.ledger.com/Funds-of-every-wallet-created-with-the-Trust-Wallet-browser-extension-could-have-been-stolen/
community.trustwallet.com/t/browser-extension-wasm-vulnerability-postmortem/750787
community.trustwallet.com/t/wasm-vulnerability-incident-update-and-recommended-actions/750786
github.com/advisories/GHSA-pm4f-pggw-8jwc
github.com/trustwallet/wallet-core/commit/69b2da9826dfdeb8116be1e5a3747b3e9418592d
github.com/trustwallet/wallet-core/compare/3.1.0...3.1.1
github.com/trustwallet/wallet-core/issues/2701
github.com/trustwallet/wallet-core/pull/2726
twitter.com/TrustWallet/status/1649699428733947906