Users who have a wallet for the cryptocoin Monero need to watch out. There is a vulnerability in the wallet.
The issue is a leak that can be remotely exploited (by visiting a website) to steal your coins.
So in fact it is a Cross-Site Request Forgery issue. This means an attacker can execute code on your behalf.
In this case the RPC web service does not explicitly demand authentication for payments.
This issue was already known on 6 Sept. MWR Labs contacted the developer. A hotfix was deployed on 19 Sept, but it is not applied by default. The user also had to enable it!
More info
Source Dutch: https://www.security.nl/posting/486228/Gat+in+digitale+portemonnee+Monero+maakt+diefstal+mogelijk
And the comment from Monero:
https://getmonero.org/2016/09/21/a-statement-on-the-mwr-labs-disclosure.html
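The difference between an RPC endpoint that demands no authentication and one that does, as an added example that is not part of the original post and is not Monero's code. The function names, the bearer-token scheme, the secret and the sample headers are all assumptions constructed for illustration.

```python
import hmac

# Constructed sample data, not taken from the post or from any real wallet.
SECRET = "constructed-example-secret"
CROSS_SITE = {"Origin": "https://other-site.example", "Content-Type": "text/plain"}
LOCAL_CLIENT = {"Content-Type": "application/json",
                "Authorization": "Bearer " + SECRET}
UNAUTH_LOCAL = {"Content-Type": "application/json"}


def legacy_gate(headers):
    """Behaviour the post describes: the service demands no authentication,
    so any request that reaches the local port is accepted."""
    return True


def hardened_gate(headers, secret):
    """Hypothetical gate for a local JSON-RPC service.
    Returns (allowed, reason)."""
    h = {k.lower(): v for k, v in headers.items()}
    # Browsers attach Origin to cross-site POSTs; a local RPC client does not.
    if "origin" in h:
        return False, "browser origin present"
    # HTML forms cannot submit application/json, so requiring it blocks
    # the simple cross-site form post.
    ctype = h.get("content-type", "").split(";")[0].strip().lower()
    if ctype != "application/json":
        return False, "content-type is not application/json"
    # Constant-time comparison of the shared secret.
    expected = ("Bearer " + secret).encode()
    supplied = h.get("authorization", "").encode()
    if not hmac.compare_digest(supplied, expected):
        return False, "missing or wrong credential"
    return True, "ok"


def demo():
    """Run every constructed request through both gates."""
    samples = {"cross_site": CROSS_SITE, "local_client": LOCAL_CLIENT,
               "unauth_local": UNAUTH_LOCAL}
    return {name: (legacy_gate(hdrs), hardened_gate(hdrs, SECRET))
            for name, hdrs in samples.items()}


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```

The credential check is the part that matters: the Origin and Content-Type checks only narrow what a browser can send, while the secret is what a remote page cannot supply.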
okay thanks for the heads up
It is so easy to make a mistake on those wallets...
This has been patched. Also, nobody lost coins due to this because normal users do not enable RPC. Also, admins who enable RPC to run specific services don't typically surf the internet with a browser and their wallet enabled.