[Tails-dev] Electrum in Tails has a serious bug

This message is part of the following thread:
Mthe complete thread tree sorted by date
M 
drwhax at ->
Delete this message

Reply to this message
Author: Amir Taaki
Date:  
To: tails-dev
Subject: [Tails-dev] Electrum in Tails has a serious bug
Dear Tails developers,

The current version of Electrum in Tails (2.7) has an attack vector via
open RPC with password-less wallets.

Because Tails has encrypted persistence, many users are likely to use
Electrum on Tails without password protection.

For more information, see here:

https://github.com/spesmilo/electrum-docs/blob/master/cve.rst

Fix: update the Electrum version to the current tarball on the download
page (3.0.6).

Best regards and respect for your continued efforts,
Amir

This message was posted to the following mailing lists:
tails-dev
Mailing List Info | Nearby Messages		<-Re: [Tails-dev] Searching documents in an airgap TailsRe: [Tails-dev] Electrum in Tails has a serious bug->
lists.autistici.org administrated by postmasterLurker (version 2.3)