CVE-2023-39910

The cryptocurrency wallet entropy seeding mechanism used in Libbitcoin Explorer 3.0.0 through 3.6.0 is weak, aka the Milk Sad issue. The use of an mt19937 Mersenne Twister PRNG restricts the internal entropy to 32 bits regardless of settings. This allows remote attackers to recover any wallet private keys generated from "bx seed" entropy output and steal funds. (Affected users need to move funds to a secure new cryptocurrency wallet.) NOTE: the vendor's position is that there was sufficient documentation advising against "bx seed" but others disagree. NOTE: this was exploited in the wild in June and July 2023.

CVSS v3 7.5 HIGH

7.5^/10

CVSS v3 : HIGH

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://github.com/libbitcoin/libbitcoin-explorer/blob/20eba4db9a8a3476949d6fd08a589abda7fde3e3/src/commands/seed.cpp#L44	Third Party Advisory
https://github.com/libbitcoin/libbitcoin-explorer/blob/20eba4db9a8a3476949d6fd08a589abda7fde3e3/src/utility.cpp#L78	Third Party Advisory
https://github.com/libbitcoin/libbitcoin-explorer/wiki/CVE-2023-39910
https://github.com/libbitcoin/libbitcoin-system/blob/a1b777fc51d9c04e0c7a1dec5cc746b82a6afe64/src/crypto/pseudo_random.cpp#L66C12-L78	Third Party Advisory
https://milksad.info/disclosure.html	Third Party Advisory
https://news.ycombinator.com/item?id=37054862	Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:libbitcoin:libbitcoin_explorer:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2023-08-09 03:15

Updated : 2023-09-07 07:15

NVD link : CVE-2023-39910

Mitre link : CVE-2023-39910

CVE.ORG link : CVE-2023-39910

JSON object : View

Products Affected

libbitcoin

libbitcoin_explorer

CWE

CWE-338

Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)

{"id": "CVE-2023-39910", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2023-08-09T03:15:44.867", "references": [{"url": "https://github.com/libbitcoin/libbitcoin-explorer/blob/20eba4db9a8a3476949d6fd08a589abda7fde3e3/src/commands/seed.cpp#L44", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://github.com/libbitcoin/libbitcoin-explorer/blob/20eba4db9a8a3476949d6fd08a589abda7fde3e3/src/utility.cpp#L78", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://github.com/libbitcoin/libbitcoin-explorer/wiki/CVE-2023-39910", "source": "cve@mitre.org"}, {"url": "https://github.com/libbitcoin/libbitcoin-system/blob/a1b777fc51d9c04e0c7a1dec5cc746b82a6afe64/src/crypto/pseudo_random.cpp#L66C12-L78", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://milksad.info/disclosure.html", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://news.ycombinator.com/item?id=37054862", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-338"}]}], "descriptions": [{"lang": "en", "value": "The cryptocurrency wallet entropy seeding mechanism used in Libbitcoin Explorer 3.0.0 through 3.6.0 is weak, aka the Milk Sad issue. The use of an mt19937 Mersenne Twister PRNG restricts the internal entropy to 32 bits regardless of settings. This allows remote attackers to recover any wallet private keys generated from \"bx seed\" entropy output and steal funds. (Affected users need to move funds to a secure new cryptocurrency wallet.) NOTE: the vendor's position is that there was sufficient documentation advising against \"bx seed\" but others disagree. NOTE: this was exploited in the wild in June and July 2023."}], "lastModified": "2023-09-07T07:15:08.640", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:libbitcoin:libbitcoin_explorer:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5C1BE437-D4DF-4582-85C4-E1FA9CEBB33D", "versionEndIncluding": "3.6.0", "versionStartIncluding": "3.0.0"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}