Back to KEVs

CVE-2018-10831

Z-NOMP before 2018-04-05 has an incorrect Equihash solution verifier that allows attackers to spoof mining shares, as demonstrated by providing a...

Basic Information

CVE State
PUBLISHED
Reserved Date
May 09, 2018
Published Date
May 09, 2018
Last Updated
August 05, 2024
Vendor
n/a
Product
Z-NOMP
Description
Z-NOMP before 2018-04-05 has an incorrect Equihash solution verifier that allows attackers to spoof mining shares, as demonstrated by providing a solution with {x1=1,x2=1,x3=1,...,x512=1} to bypass this verifier for any blockheader. This originally affected (for example) the Bitcoin Gold and Zcash cryptocurrencies, and continued to be exploited in the wild in May 2018 against smaller cryptocurrencies.

CVSS Scores

CVSS v3.0

7.5 - HIGH

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

CVSS v2.0

5.0

Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N

Exploit Status

Exploited in the Wild
Yes (2018-05-09 05:00:00 UTC) Source

References

https://github.com/edwardz246003/misc/blob/master/Attackers%20Fake%20Computational%20Power%20to%20Steal%20Cryptocurrencies%20from%20Mining%20Pools.md https://blog.zencash.com/update-for-the-equihash-mining-application-z-nomp/

Known Exploited Vulnerability Information

Source Added Date
CVE 2018-05-09 05:00:00 UTC

Timeline

  • CVE ID Reserved

  • CVE Published to Public

  • Added to KEVIntel