High severity8.8OSV Advisory· Published Mar 13, 2018· Updated Jun 17, 2026
CVE-2018-1000093
CVE-2018-1000093
Description
CryptoNote version version 0.8.9 and possibly later contain a local RPC server which does not require authentication, as a result the walletd and the simplewallet RPC daemons will process any commands sent to them, resulting in remote command execution and a takeover of the cryptocurrency wallet if an attacker can trick an application such as a web browser into connecting and sending a command for example. This attack appears to be exploitable via a victim visiting a webpage hosting malicious content that trigger such behavior.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2v0.8.9+ 1 more
- (no CPE)range: v0.8.9
- (no CPE)range: >=0.8.9
Patches
Vulnerability mechanics
References
3- github.com/cryptonotefoundation/cryptonote/issues/172nvdExploitIssue TrackingThird Party Advisory
- www.ayrx.me/cryptonote-unauthenticated-json-rpcnvdExploitThird Party Advisory
- github.com/amjuarez/bytecoin/issues/217nvdBroken LinkThird Party Advisory
News mentions
0No linked articles in our index yet.