VYPR
High severity · NVD Advisory · Published Jan 31, 2020 · Updated Aug 4, 2024

CVE-2019-12999


Description

Lightning Network Daemon (lnd) before 0.7 allows attackers to trigger loss of funds because of Incorrect Access Control.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Lightning Network Daemon (lnd) before 0.7.0 has an incorrect access control vulnerability that can allow attackers to trigger loss of funds.

Vulnerability Overview

CVE-2019-12999 is an incorrect access control vulnerability in Lightning Network Daemon (lnd) before version 0.7.0-beta [1]. The root cause lies in a bug that could allow an attacker to open invalid channels or manipulate payment forwarding in a way that leads to fund loss for the node operator [1][4]. The issue was addressed in the v0.7.0-beta release, which included important bug fixes along with other improvements [1].

Attack Vector and Prerequisites

The vulnerability can be exploited without requiring special privileges on the target node. An attacker can craft and open invalid channels with a victim lnd node [4]. Once such a channel is established, the attacker may be able to use it to forward payments that result in loss of funds from the victim's node [4]. The attacker needs to be able to establish a channel with the target, meaning they must be part of the Lightning Network and connect to the victim's node via the peer-to-peer protocol. No authentication beyond that required to open a normal channel is needed [1][4].

Impact

A successful exploit allows the attacker to trigger loss of funds from the victim's lnd node [1][4]. The tool chanleakcheck was developed to help node operators determine if their node was targeted by this CVE and to quantify any lost coins [4]. The impact is financial loss directly affecting Bitcoin or other Lightning Network assets controlled by the node.

Mitigation

The vulnerability is fixed in lnd version 0.7.0-beta and later [1]. Users are strongly advised to upgrade to this release. For those who may have been affected, the chanleakcheck tool [4] can be used to detect exploitation and assess damage. There is no workaround for unpatched versions; upgrading is the only complete mitigation.

AI Insight generated on May 21, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package | Affected versions | Patched versions
github.com/lightningnetwork/lnd (Go) | < 0.7.1-beta | 0.7.1-beta
