CVE-2020-6861 PoC — Ledger SAS Ledger Monero app 信息泄露漏洞

Source

https://github.com/ph4r05/ledger-app-monero-1.42-vuln

Associated Vulnerability

Title:Ledger SAS Ledger Monero app 信息泄露漏洞 (CVE-2020-6861)
Description:Ledger SAS Ledger Monero app是法国Ledger SAS公司的一款用于Ledger电子钱包设备管理的应用程序。 Ledger SAS Ledger Monero app 1.5.1之前版本（用于Ledger Nano和Ledger S设备）中存在安全漏洞。攻击者可通过发送特制的消息利用该漏洞获取敏感信息。

Description

PoC repository for CVE-2020-6861: Ledger Monero App Spend key Extraction

Readme

# CVE-2020-6861: Ledger Monero App Spend key Extraction

PoC repository for article:

[https://deadcode.me/blog/2020/04/25/Ledger-Monero-app-spend-key-extraction.html](https://deadcode.me/blog/2020/04/25/Ledger-Monero-app-spend-key-extraction.html)

File Snapshot


 [4.0K]  /data/pocs/1ab4098d45102d116f737122cc4c352f5019ee95
├── [2.3K]  building_app.md
├── [1.6K]  ledger-bounty.asc
├── [ 18K]  ledger_monero_vuln02.md
├── [9.4K]  ledger_monero_vulnerability_disclosure.md
├── [5.2K]  ledger_report_ph4r05.md.asc
├── [1.8K]  poc.ipynb
├── [2.3K]  poc_math.sage
├── [ 11K]  poc.py
├── [ 516]  poc_sim.py
└── [ 252]  README.md

0 directories, 10 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!