Discussion:
Electrum in Tails has a serious bug
(too old to reply)
Amir Taaki
2018-02-06 12:17:00 UTC
Permalink
Raw Message
Dear Tails developers,

The current version of Electrum in Tails (2.7) has an attack vector via
open RPC with password-less wallets.

Because Tails has encrypted persistence, many users are likely to use
Electrum on Tails without password protection.

For more information, see here:

https://github.com/spesmilo/electrum-docs/blob/master/cve.rst

Fix: update the Electrum version to the current tarball on the download
page (3.0.6).

Best regards and respect for your continued efforts,
Amir
d***@riseup.net
2018-02-06 15:57:05 UTC
Permalink
Raw Message
Hi Amir,

Please see: https://labs.riseup.net/code/issues/15022

Thanks
Post by Amir Taaki
Dear Tails developers,
The current version of Electrum in Tails (2.7) has an attack vector via
open RPC with password-less wallets.
Because Tails has encrypted persistence, many users are likely to use
Electrum on Tails without password protection.
https://github.com/spesmilo/electrum-docs/blob/master/cve.rst
Fix: update the Electrum version to the current tarball on the download
page (3.0.6).
Best regards and respect for your continued efforts,
Amir
_______________________________________________
Tails-dev mailing list
https://mailman.boum.org/listinfo/tails-dev
To unsubscribe from this list, send an empty email to
Loading...