CVE-2017-12113
Description
An exploitable improper authorization vulnerability exists in the admin_nodeInfo API of cpp-ethereum's JSON-RPC (commit 4e1015743b95821849d001618a7ce82c7c073768). A JSON request can cause access to restricted functionality, resulting in authorization bypass. An attacker can send JSON to trigger this vulnerability.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Improper authorization in cpp-ethereum's JSON-RPC admin_nodeInfo API allows remote attackers to bypass authentication and access restricted node information.
Vulnerability
An improper authorization vulnerability exists in the admin_nodeInfo API of cpp-ethereum's JSON-RPC server (commit 4e1015743b95821849d001618a7ce82c7c073768). The API fails to enforce proper access controls, allowing any remote request to trigger functionality reserved for administrators. The JSON-RPC interface is bound to 0.0.0.0 by default and does not require a specific Content-Type header, making it accessible to unauthenticated attackers [1].
Exploitation
An attacker can exploit this vulnerability by sending a crafted JSON request to the admin_nodeInfo API endpoint. No authentication or user interaction is required. Because the interface listens on all network interfaces (default configuration) and does not enforce Content-Type validation, the API can be triggered via CSRF or SSRF attacks, even from behind NAT [1].
Impact
Successful exploitation allows an attacker to retrieve sensitive node information (e.g., enode ID, IP address, and configuration details) without authorization. This information disclosure (Confidentiality Low) could aid further attacks on the node or the Ethereum network [1].
Mitigation
As of the publication date, no official patch has been disclosed in the available references. Users are advised to restrict network access to the JSON-RPC interface (e.g., bind to localhost) and enforce proper authentication mechanisms. Later versions of cpp-ethereum may have addressed this issue, but no specific fixed version is mentioned [1].
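The mitigations above can be enforced by a filter in front of the RPC port. The following is an added example, not code from cpp-ethereum or from the Talos report; the function names, the token scheme and the sample requests are assumptions made for illustration.

```python
import hmac
import ipaddress
import json

ADMIN_PREFIX = "admin_"  # restricted namespace, e.g. admin_nodeInfo


def bind_is_local_only(addr):
    """True only for loopback binds; 0.0.0.0 (the default named above) fails."""
    return ipaddress.ip_address(addr).is_loopback


def gate_rpc_request(content_type, body, presented_token=None, admin_token=None):
    """Hypothetical proxy-side check: may this HTTP request reach the node?

    Returns (allowed, reason). The token scheme is an assumption.
    """
    # An HTML form cannot send application/json, and a cross-origin fetch
    # with that type needs a CORS preflight, so requiring it closes the
    # simple CSRF path described in the Exploitation section.
    media_type = (content_type or "").split(";")[0].strip().lower()
    if media_type != "application/json":
        return False, "content-type must be application/json"
    try:
        payload = json.loads(body)
    except (ValueError, TypeError):
        return False, "body is not valid JSON"
    # JSON-RPC 2.0 allows batches, so every call in the body is checked.
    calls = payload if isinstance(payload, list) else [payload]
    if not calls:
        return False, "empty batch"
    # Constant-time comparison; an unset admin token never authorizes.
    authorized = (
        bool(admin_token)
        and presented_token is not None
        and hmac.compare_digest(presented_token.encode(), admin_token.encode())
    )
    for call in calls:
        if not isinstance(call, dict) or not isinstance(call.get("method"), str):
            return False, "malformed call"
        # Lower-cased so a case variant of the method name fails closed.
        if call["method"].lower().startswith(ADMIN_PREFIX) and not authorized:
            return False, "admin method requires authorization"
    return True, "ok"
```
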
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Talos/CPP-Ethereum, v5, Range: Ethereum commit 4e1015743b95821849d001618a7ce82c7c073768
Patches
No patches discovered yet.
References
- www.securityfocus.com/bid/102475 (mitre, vdb-entry, x_refsource_BID)
- www.talosintelligence.com/vulnerability_reports/TALOS-2017-0465 (mitre, x_refsource_MISC)