N/A

CryptoNote version version 0.8.9 and possibly later contain a local RPC server which does not require authentication, as a result the walletd and the simplewallet RPC daemons will process any commands sent to them, resulting in remote command execution and a takeover of the cryptocurrency wallet if an attacker can trick an application such as a web browser into connecting and sending a command for example. This attack appears to be exploitable via a victim visiting a webpage hosting malicious content that trigger such behavior.

N/A

N/A

CryptoNote 安全漏洞

CryptoNote是一套加密货币系统。 CryptoNote 0.8.9版本中存在安全漏洞，该漏洞源于程序没有要求身份验证。远程攻击者可借助托管有恶意内容的网页利用该漏洞执行命令并控制加密货币钱包。

N/A

N/A