CVE-2022-40769

profanity through 1.60 has only four billion possible RNG initializations. Thus, attackers can recover private keys from Ethereum vanity addresses...

Basic Information

CVE State: PUBLISHED
Reserved Date: September 18, 2022
Published Date: September 18, 2022
Last Updated: August 03, 2024
Vendor: n/a
Product: n/a
Description: profanity through 1.60 has only four billion possible RNG initializations. Thus, attackers can recover private keys from Ethereum vanity addresses and steal cryptocurrency, as exploited in the wild in June 2022.

CVSS Scores

CVSS v3.1

7.5 - HIGH

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploit Status

Exploited in the Wild: Yes (2022-09-18 16:01:08 UTC) Source

References

https://blog.1inch.io/a-vulnerability-disclosed-in-profanity-an-ethereum-vanity-address-tool-68ed7455fc8c https://github.com/johguse/profanity https://github.com/johguse/profanity/issues/61

Known Exploited Vulnerability Information

Source	Added Date
CVE	2022-09-18 16:01:08 UTC

Timeline

CVE ID Reserved

September 18, 2022
CVE Published to Public

September 18, 2022
Added to KEVIntel

September 18, 2022