Bit-Flipping Vulnerability in MultiBit HD Allows Insertion of Unspendable Bitcoin Addresses

Bit-Flipping Vulnerability in MultiBit HD Allows Insertion of Unspendable Bitcoin Addresses

CVE-2015-6964 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

MultiBit HD before 0.1.2 allows attackers to conduct bit-flipping attacks that insert unspendable Bitcoin addresses into the list that MultiBit uses to send fees to the developers. (Attackers cannot realistically steal these fees for themselves.) This occurs because there is no message authentication code (MAC).

Learn more about our Web Application Penetration Testing UK.