Bug 1007761 (CVE-2016-8889) - VUL-1: CVE-2016-8889: bitcoin: private keys and the wallet passphrase visible in debug console history across restarts
Status: RESOLVED WORKSFORME
Alias: CVE-2016-8889
Product: openSUSE Distribution
Classification: openSUSE
Component: Security
Version: Leap 42.2
Hardware: Other Other
Priority: P4 - Low; Severity: Normal
Target Milestone: ---
Assignee: Security Team bot
QA Contact: E-mail List
Reported: 2016-10-31 13:16 UTC by Alexander Bergmann
Modified: 2017-02-01 11:05 UTC
Found By: Security Response Team
Description Alexander Bergmann 2016-10-31 13:16:22 UTC
Question: I'm not sure if this affects openSUSE or not, so please verify.

CVE-2016-8889

In Bitcoin Knots v0.11.0.ljr20150711 through v0.13.0.knots20160814 (fixed in
v0.13.1.knots20161027), the debug console stores sensitive information including
private keys and the wallet passphrase in its persistent command history.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-8889
http://www.cvedetails.com/cve/CVE-2016-8889/
https://bitcointalk.org/index.php?topic=1618462.0
https://github.com/bitcoinknots/bitcoin/blob/v0.13.1.knots20161027/doc/release-notes.md
Comment 1 Martin Pluskal 2016-10-31 13:31:17 UTC
Hmpf, my understanding is that it does not affect the original bitcoin client (bitcoin, or more recently referred to as bitcoin-core).
Comment 2 Swamp Workflow Management 2016-10-31 23:02:09 UTC
bugbot adjusting priority
Comment 3 Martin Pluskal 2016-11-10 19:45:22 UTC
Nothing to do for bitcoin.
Comment 4 Andreas Stieger 2017-02-01 11:05:47 UTC
(In reply to Martin Pluskal from comment #3)
> Nothing to do for bitcoin.