CVE-2023-39910

CVSS 3.1 Score 7.5 of 10 (high)

Details

Published Aug 9, 2023
Updated: Sep 7, 2023
CWE ID 338

Summary

CVE-2023-39910, also known as the Milk Sad issue, is a vulnerability that affects the cryptocurrency wallet entropy seeding mechanism used in Libbitcoin Explorer versions 3.0.0 through 3.6.0. This vulnerability stems from the use of an mt19937 Mersenne Twister PRNG, which limits the internal entropy to 32 bits regardless of settings. As a result, remote attackers can exploit this weakness to recover wallet private keys generated from "bx seed" entropy output and steal funds. To remediate this vulnerability, affected users are advised to transfer their funds to a secure new cryptocurrency wallet. It is worth noting that this vulnerability has been exploited in real-world attacks that took place in June and July 2023. The severity of this vulnerability is rated as high due to its potential impact on confidentiality, with a CVSS base score of 7.5.
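The 32-bit limit described in the summary, as an added example that is not Libbitcoin's code: a `std::mt19937` seeded with one 32-bit value produces output that is fully determined by that seed at any requested length, shown beside a version that reads from the OS CSPRNG. The function names, the sample seed, the low-byte extraction and the use of `/dev/urandom` (POSIX) are assumptions made for this illustration.

```cpp
#include <algorithm>
#include <cstdint>
#include <cstdio>
#include <fstream>
#include <random>
#include <stdexcept>
#include <vector>

using bytes = std::vector<uint8_t>;

// Weak pattern (CWE-338): every output byte is a pure function of a 32-bit seed.
// Assumption: taking the low byte of each draw is a simplification for this demo.
bytes weak_entropy(uint32_t seed, size_t length) {
    std::mt19937 prng(seed);  // 32-bit seed, so at most 2^32 possible streams
    bytes out(length);
    for (auto& b : out) b = static_cast<uint8_t>(prng() & 0xFF);
    return out;
}

// Hardened pattern: take the bytes straight from the OS CSPRNG.
bytes strong_entropy(size_t length) {
    std::ifstream urandom("/dev/urandom", std::ios::binary);
    bytes out(length);
    if (!urandom.read(reinterpret_cast<char*>(out.data()),
                      static_cast<std::streamsize>(length)))
        throw std::runtime_error("cannot read /dev/urandom");
    return out;
}

// True when `shorter` is a prefix of `longer`.
bool is_prefix(const bytes& shorter, const bytes& longer) {
    return shorter.size() <= longer.size() &&
           std::equal(shorter.begin(), shorter.end(), longer.begin());
}

int main() {
    const uint32_t seed = 0x12345678;  // constructed sample seed
    bytes a = weak_entropy(seed, 32), b = weak_entropy(seed, 32);
    std::printf("same seed, same 256-bit output: %s\n", a == b ? "yes" : "no");
    // Asking for more bits only extends the same seed-determined stream.
    std::printf("128-bit output is a prefix of the 256-bit one: %s\n",
                is_prefix(weak_entropy(seed, 16), a) ? "yes" : "no");
    std::printf("two CSPRNG draws equal: %s\n",
                strong_entropy(32) == strong_entropy(32) ? "yes" : "no");
    return 0;
}
```

The requested output length never raises the entropy of the weak version above 32 bits, which is why the summary says the limit applies regardless of settings.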
