An issue discovered in com.samourai.wallet.PinEntryActivity.java in Streetside Samourai Wallet 0.99.96i allows attackers to view sensitive information and decrypt data via a brute force attack that uses a recovered samourai.dat file. The PIN is 5 to 8 digits, which may be insufficient in this situation.
References
Link | Resource |
---|---|
https://code.samourai.io/wallet/samourai-wallet-android/-/blob/develop/app/src/main/java/com/samourai/wallet/PinEntryActivity.java#L302 | Third Party Advisory |
https://vrls.ws/posts/2021/08/samourai-wallet-bitcoin-pin-authentication-bypass-crypto/ | Exploit Technical Description Third Party Advisory |
Configurations
Configuration 1 (hide)
|
History
10 Mar 2023, 15:05
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-521 | |
CPE | cpe:2.3:a:samourai-wallet-android_project:samourai-wallet-android:0.99.96i:*:*:*:*:android:*:* | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 5.5 |
First Time |
Samourai-wallet-android Project samourai-wallet-android
Samourai-wallet-android Project |
|
References | (MISC) https://code.samourai.io/wallet/samourai-wallet-android/-/blob/develop/app/src/main/java/com/samourai/wallet/PinEntryActivity.java#L302 - Third Party Advisory | |
References | (MISC) https://vrls.ws/posts/2021/08/samourai-wallet-bitcoin-pin-authentication-bypass-crypto/ - Exploit, Technical Description, Third Party Advisory |
04 Mar 2023, 00:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-03-04 00:15
Updated : 2023-12-10 14:48
NVD link : CVE-2021-36689
Mitre link : CVE-2021-36689
CVE.ORG link : CVE-2021-36689
JSON object : View
Products Affected
samourai-wallet-android_project
- samourai-wallet-android
CWE
CWE-521
Weak Password Requirements