Beware Monero users: CSRF vuln allows remote compromise of wallet.

https://labs.mwrinfosecurity.com/advisories/csrf-vulnerability-allows-for-remote-compromise-of-monero-wallets/

A patch was added to the hard fork release this month, but the default is to have it disabled?!? Be aware.


Comments


[2 Points] avgeca:

Bug was already known (thx to responsible disclosure by MWR) and has been fixed:

https://getmonero.org/2016/09/21/a-statement-on-the-mwr-labs-disclosure.html


[0 Points] jack19056:

LOL