CVE-2021-36689
CVSS V2 None
CVSS V3 None
Description
An issue discovered in com.samourai.wallet.PinEntryActivity.java in Streetside Samourai Wallet 0.99.96i allows attackers to view sensitive information and decrypt data via a brute force attack that uses a recovered samourai.dat file. The PIN is 5 to 8 digits, which may be insufficient in this situation.
Overview
- CVE ID
- CVE-2021-36689
- Assigner
- cve@mitre.org
- Vulnerability Status
- Analyzed
- Published Version
- 2023-03-04T00:15:15
- Last Modified Date
- 2023-03-10T15:05:39
Weakness Enumerations
CPE Configuration (Product)
| CPE | Vulnerable | Operator | Version Start | Version End |
|---|---|---|---|---|
| cpe:2.3:a:samourai-wallet-android_project:samourai-wallet-android:0.99.96i:*:*:*:*:android:*:* | 1 | OR |
References
| Reference URL | Reference Tags |
|---|---|
| https://code.samourai.io/wallet/samourai-wallet-android/-/blob/develop/app/src/main/java/com/samourai/wallet/PinEntryActivity.java#L302 | Third Party Advisory |
| https://vrls.ws/posts/2021/08/samourai-wallet-bitcoin-pin-authentication-bypass-crypto/ | Exploit Technical Description Third Party Advisory |
Sources
| Source Name | Source URL |
|---|---|
| NIST | https://nvd.nist.gov/vuln/detail/CVE-2021-36689 |
| MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36689 |
History
| Created | Old Value | New Value | Data Type | Notes |
|---|---|---|---|---|
| 2023-04-17 05:56:05 | Added to TrackCVE | |||
| 2023-04-17 05:56:09 | Weakness Enumeration | new |