Electrum emergency repair JSONRPC Interface Vulnerability that exposed Bitcoin Wallets to hack
According to media news on January 10, well-known developers purse Electrum recently released a security patch for its bitcoin wallet JSONRPC interfaces vulnerabilities. It is reported that could allow a malicious Web site hosted by Electrum wallet encrypted Web browser to steal money, the researchers speculated that it might be related to exposure JSONRPC interface password. In addition, the attacker can also exploit this vulnerability to obtain private data, such as information Bitcoin address, transaction labels, address labels, wallets contacts. Currently, the vulnerability affects the Electrum 2.6 on almost all platforms – 3.0.4 version.
The researchers presented the details of the vulnerability: Electrum background when the program is running, the attacker can access different virtual hosts electrum wallet by local RPC ports easily on the web server. In addition, the vulnerability allows an attacker to modify user settings when you run Electrum.
Media reports said the flaw has been in existence two years ago, before the Electrum also released a security patch for the vulnerability, but then did not play a role. The researchers recommend that users should upgrade their software Electrum, and stop using the old version.