Insufficient PIN Length in Streetside Samourai Wallet 0.99.96i Allows Brute Force Attack and Data Decryption

Insufficient PIN Length in Streetside Samourai Wallet 0.99.96i Allows Brute Force Attack and Data Decryption

CVE-2021-36689 · MEDIUM Severity

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

An issue discovered in com.samourai.wallet.PinEntryActivity.java in Streetside Samourai Wallet 0.99.96i allows attackers to view sensitive information and decrypt data via a brute force attack that uses a recovered samourai.dat file. The PIN is 5 to 8 digits, which may be insufficient in this situation.

Learn more about our Web Application Penetration Testing UK.