Currently, dogecoin-qt stores wallet.dat unencrypted in memory. Upon a crash, it may dump a core file that can be used to reconstruct the user's wallet.dat, including the private keys.
This issue was originally reported by oxagast in Bitcoin issue #16824, and has been assigned CVE-2019-15947.
Specifically, we can first send a signal to crash dogecoin-qt, then grep for known parts of a wallet.dat in the .core dump file, e.g., xxd dogecoin-qt.core | grep "6231 0500". With this information, you can find the offset of the wallet within the core file, and reconstruct it per a known wallet.dat's length. Upon reloading the extracted wallet into dogecoin-qt, you'll lose address book information.
We have successfully reproduced this issue on Dogecoin, and the screenshot is attached. The terminal on the right side shows the original wallet.dat file and the terminal on the left side shows the reconstructed test.dat. We can see that they both contain the same address information.
A possible solution is to use madvise here to avoid including sensitive information in core dumps.
For more information, please check the following pages:
As I was briefly confused why this was an issue, for others reading this later, the file on disk is encrypted and this allows extraction of unencrypted keys.
Potential Wallet Address Book Info Leakage
Reported by de957ad9679f28a38f02f00cc7928bce8fb424882ff060a3c09c32895b1474cc.
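The madvise mitigation suggested in the issue, as an added Linux-only sketch that is not code from Dogecoin, Bitcoin or the reporter: key material is kept in page-aligned memory marked `MADV_DONTDUMP` so the kernel leaves it out of a core file. The names `secret_buf`, `secret_alloc`, `secret_free` and `disable_core_dumps` are hypothetical, and the `prctl(PR_SET_DUMPABLE, 0)` fallback goes beyond what the issue proposes.

```c
#define _GNU_SOURCE            /* MADV_DONTDUMP, MAP_ANONYMOUS (Linux >= 3.4) */
#include <stddef.h>
#include <unistd.h>
#include <sys/mman.h>
#include <sys/prctl.h>

/* Hypothetical holder for decrypted key material; not a Dogecoin type. */
typedef struct { unsigned char *ptr; size_t len; int locked; } secret_buf;

/* madvise() needs a page-aligned range, so take whole pages from mmap()
 * instead of malloc(), then mark them as excluded from core dumps. */
int secret_alloc(secret_buf *b, size_t want)
{
    size_t page = (size_t)sysconf(_SC_PAGESIZE);
    b->len = (want + page - 1) / page * page;
    b->locked = 0;
    b->ptr = mmap(NULL, b->len, PROT_READ | PROT_WRITE,
                  MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (b->ptr == MAP_FAILED) { b->ptr = NULL; return -1; }
    if (madvise(b->ptr, b->len, MADV_DONTDUMP) != 0) {
        munmap(b->ptr, b->len);          /* fail closed: never hold keys */
        b->ptr = NULL;                   /* in memory that can be dumped */
        return -1;
    }
    b->locked = (mlock(b->ptr, b->len) == 0);  /* best effort: keep out of swap */
    return 0;
}

/* Wipe through a volatile pointer so the stores are not optimised away. */
void secret_free(secret_buf *b)
{
    if (!b->ptr) return;
    volatile unsigned char *p = b->ptr;
    for (size_t i = 0; i < b->len; i++) p[i] = 0;
    munmap(b->ptr, b->len);              /* also drops the mlock */
    b->ptr = NULL; b->len = 0; b->locked = 0;
}

/* Process-wide fallback when MADV_DONTDUMP is unavailable:
 * a non-dumpable process produces no core file at all. */
int disable_core_dumps(void)
{
    return prctl(PR_SET_DUMPABLE, 0, 0, 0, 0);
}
```

Only the pages returned by `secret_alloc` are protected; any copy of the key made on the stack or in ordinary heap memory still lands in a core dump unless the process-wide fallback is used.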