[Tails-dev] Electrum in Tails has a serious bug

Nachricht löschen

Nachricht beantworten
Autor: Amir Taaki
Datum:  
To: tails-dev
Betreff: [Tails-dev] Electrum in Tails has a serious bug
Dear Tails developers,

The current version of Electrum in Tails (2.7) has an attack vector via
open RPC with password-less wallets.

Because Tails has encrypted persistence, many users are likely to use
Electrum on Tails without password protection.

For more information, see here:

https://github.com/spesmilo/electrum-docs/blob/master/cve.rst

Fix: update the Electrum version to the current tarball on the download
page (3.0.6).

Best regards and respect for your continued efforts,
Amir