Vulnerability: Unencrypted Private Key Extraction in wxBitcoin and bitcoind

Vulnerability: Unencrypted Private Key Extraction in wxBitcoin and bitcoind

CVE-2011-4447 · MEDIUM Severity

AV:N/AC:M/AU:N/C:P/I:N/A:N

The "encrypt wallet" feature in wxBitcoin and bitcoind 0.4.x before 0.4.1, and 0.5.0rc, does not properly interact with the deletion functionality of BSDDB, which allows context-dependent attackers to obtain unencrypted private keys from Bitcoin wallet files by bypassing the BSDDB interface and reading entries that are marked for deletion.

Learn more about our Web Application Penetration Testing UK.