Low-impact vulnerability discovered in Bitcoin Core and Bitcoin Knots


Bitcoin Core developer Luke Dashjr reported last Friday a vulnerability in the Bitcoin Core client and in Bitcoin Knots, the version derived from it, that affects Bitcoin nodes run on shared, remotely accessed computers. However, due to its nature and the way Bitcoin works, the vulnerability is low impact, Dashjr notes.
A user who exploits this vector can access authentication credentials and, with them, "make their own requests, including RPC (remote procedure call), that can compromise the consensus, send the bitcoins of the wallet to another place, etc.," Dashjr underlined.

The developer released on the 8th the report CVE-2018-20587 on this flaw, which explains that this vector could cause the node to collapse as a result of remote use of the computer on which the software runs. "In all cases with multiple users, attempting to use the RPC service while its node is not running can create a security risk," reads Dashjr's report.

The report points out that the vulnerability is usable whenever the node is not running, so the user must always ensure that the node is running before accessing RPC (remote procedure call) services, a type of program in which one computer runs certain code on another, remote machine.
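
One way to follow that advice on a shared machine, as an added example (not code from the article, Dashjr's report or Bitcoin Core): before handing credentials to an RPC client, confirm that something is listening on the RPC port and that the listener belongs to the account that runs the node. It assumes Linux's `/proc/net/tcp` layout and Bitcoin Core's default mainnet RPC port 8332; the sample table and its UIDs are constructed.

```python
# Added example: not code from the article, Dashjr's report or Bitcoin Core.
# Assumptions: Linux /proc/net/tcp layout; 8332 is the default mainnet RPC port.
import os

RPC_PORT = 8332
TCP_LISTEN = "0A"  # socket state code for LISTEN in /proc/net/tcp

# Constructed sample: UID 1000 listens on 127.0.0.1:8332; UID 1001 has an
# unrelated established connection (state 01) on another port.
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0100007F:208C 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1000        0 23456 1
   1: 0100007F:C350 0100007F:1F90 01 00000000:00000000 00:00000000 00000000  1001        0 23457 1
"""

def listener_uids(table, port=RPC_PORT):
    """Return the UIDs that own LISTEN sockets on `port` in a /proc/net/tcp table."""
    uids = set()
    for line in table.splitlines():
        fields = line.split()
        if len(fields) < 8 or fields[3] != TCP_LISTEN:
            continue  # header row, short line, or socket not in LISTEN state
        port_hex = fields[1].rpartition(":")[2]
        if int(port_hex, 16) == port:
            uids.add(int(fields[7]))
    return uids

def rpc_safe_to_use(table, node_uid, port=RPC_PORT):
    """True only if the port has a listener and every listener runs as node_uid.

    No listener means the node is not running, the case the report warns about.
    """
    uids = listener_uids(table, port)
    return bool(uids) and uids == {node_uid}

if __name__ == "__main__":
    table = ""
    for path in ("/proc/net/tcp", "/proc/net/tcp6"):
        if os.path.exists(path):
            with open(path) as fh:
                table += fh.read()
    # Assumption: the node runs under the same account as this script.
    ok = rpc_safe_to_use(table, os.getuid())
    print("RPC listener verified" if ok else "do NOT send RPC credentials")
    raise SystemExit(0 if ok else 1)
```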
