CVE-2019-6121 Information

Description

An issue was discovered in NiceHash Miner before 2.0.3.0. Missing Authorization allows an adversary to can gain access to a miner’s information about such as his recent payments unclaimed Balance Old Balance (at the time of December 2017 breach) Projected payout Mining stats like profitability Efficiency Number of workers etc.. A valid Email address is required in order to retrieve this Information.

CVSS Vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

Reference

https://cyberworldmirror.com/nicehash-vulnerability-leaked-miners-information/ https://docs.google.com/document/d/1OubhuTRzuTMnkZ9SCFb8BtJVbTu840wDxyWu3VWHwvs/edit

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction Required

NONE

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

LOW

Availability Impact

NONE

Base Score

NONE

Base Severity

3.7