Vulnerability Description
Soar Labs Soar Coin version up to and including git commit 4a2aa71ee21014e2880a3f7aad11091ed6ad434f (latest release as of Sept 2017) contains an intentional backdoor vulnerability in the function zero_fee_transaction() that can result in theft of Soar Coins by the "onlycentralAccount" (Soar Labs) after payment is processed.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Soarlabs | Soarcoin | <= 4a2aa71ee21014e2880a3f7aad11091ed6ad434f |
References
- https://raw.githubusercontent.com/neowenyuan27/SoarCoin/master/wallet/soarcoinv2Third Party Advisory
- https://www.bankinfosecurity.com/exclusive-aussie-firm-loses-5m-to-backdoored-crPress/Media CoverageThird Party Advisory
- https://raw.githubusercontent.com/neowenyuan27/SoarCoin/master/wallet/soarcoinv2Third Party Advisory
- https://www.bankinfosecurity.com/exclusive-aussie-firm-loses-5m-to-backdoored-crPress/Media CoverageThird Party Advisory
FAQ
What is CVE-2018-1000203?
CVE-2018-1000203 is a vulnerability with a CVSS score of 7.5 (HIGH). Soar Labs Soar Coin version up to and including git commit 4a2aa71ee21014e2880a3f7aad11091ed6ad434f (latest release as of Sept 2017) contains an intentional backdoor vulnerability in the function zero...
How severe is CVE-2018-1000203?
CVE-2018-1000203 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2018-1000203?
Check the references section above for vendor advisories and patch information. Affected products include: Soarlabs Soarcoin.