You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
When a wallet is currently unlocked with a true anonymizeonly setting, the wallet can be fully unlocked without using/knowing the wallet passphrase.
Here is the process I went through showing first that the anonymizeonly lock is working as expected, then showing that I can trivially get a full unlock without knowing the password:
When a wallet is currently unlocked with a
true
anonymizeonly setting, the wallet can be fully unlocked without using/knowing the wallet passphrase.Here is the process I went through showing first that the anonymizeonly lock is working as expected, then showing that I can trivially get a full unlock without knowing the password:
Looking good. Now let's say I try to send from this wallet (back to myself for the sake of example):
Good. But now:
If I don't have the existing anonymizeonly unlock active (i.e. after the 60 second expiry set above) the bad password isn't accepted:
This seems to make the anonymizeonly option completely ineffective from a security point of view at the moment and needs a fix ASAP.
The text was updated successfully, but these errors were encountered: