Lucene search

Veracode Vulnerability DatabaseVERACODE:40411

HistoryMay 08, 2023 - 7:11 a.m.

Weak Encryption

2023-05-0807:11:27

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

trustwalletcore

weak encryption

seed generation

32 bits

entropy

brute force

private key

0.001 Low

EPSS

Percentile

48.8%

JSON

TrustWalletCore contains Weak Encryption implementations. The vulnerability exists in mt19937 seed generation which has only 32 bits of entropy resulting in only 4 billion mnemonics which allows an attacker to brute force the private key.

CPENameOperatorVersion
trustwalletcorele3.1.0
@trustwallet/wallet-corele3.1.0
trustwalletcorele3.1.0
@trustwallet/wallet-corele3.1.0

Name	Operator	Version
trustwalletcore	le	3.1.0
@trustwallet/wallet-core	le	3.1.0
trustwalletcore	le	3.1.0
@trustwallet/wallet-core	le	3.1.0

References

blog.ledger.com/Funds-of-every-wallet-created-with-the-Trust-Wallet-browser-extension-could-have-been-stolen/

community.trustwallet.com/t/browser-extension-wasm-vulnerability-postmortem/750787

community.trustwallet.com/t/wasm-vulnerability-incident-update-and-recommended-actions/750786

github.com/advisories/GHSA-pm4f-pggw-8jwc

github.com/trustwallet/wallet-core/commit/69b2da9826dfdeb8116be1e5a3747b3e9418592d

github.com/trustwallet/wallet-core/compare/3.1.0...3.1.1

github.com/trustwallet/wallet-core/issues/2701

github.com/trustwallet/wallet-core/pull/2726

twitter.com/TrustWallet/status/1649699428733947906

0.001 Low

EPSS

Percentile

48.8%

JSON

Related for VERACODE:40411