CVE-2018-10831 Information

Description

Z-NOMP before 2018-04-05 has an incorrect Equihash solution verifier that allows attackers to spoof mining shares, as demonstrated by providing a solution with x1=1, x2=1, x3=1, …, x512=1 to bypass this verifier for any blockheader. This originally affected (for example) the Bitcoin Gold and Zcash cryptocurrencies and continued to be exploited in the wild in May 2018 against smaller cryptocurrencies.

CVSS Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Reference

https://blog.zencash.com/update-for-the-equihash-mining-application-z-nomp/

https://github.com/edwardz246003/misc/blob/master/Attackers%20Fake%20Computational%20Power%20to%20Steal%20Cryptocurrencies%20from%20Mining%20Pools.md

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

Base Score

7.5

Base Severity

HIGH
