
Chia Blockchain 2.1.0: Local Authentication Bypass through RPC Server

CVE-2026-3194
Summary

A security flaw in Chia Blockchain 2.1.0 allows an attacker with local access to bypass authentication and access sensitive data without needing a valid login. To protect your system, ensure your Chia Blockchain installation is up to date and follow best practices for securing your server environment.

What to do

No fix is available yet. Check with your software vendor for updates.

Affected software
Vendor | Product | Affected versions | Fix available
chia | blockchain | 2.1.0 | –
Original title
A flaw has been found in Chia Blockchain 2.1.0. The affected element is the function send_transaction/get_private_key of the component RPC Server Master Passphrase Handler. This manipulation causes...
Original description
A flaw has been found in Chia Blockchain 2.1.0. The affected element is the function send_transaction/get_private_key of the component RPC Server Master Passphrase Handler. This manipulation causes missing authentication. The attack can only be executed locally. The attack's complexity is rated as high. The exploitability is described as difficult. The exploit has been published and may be used. The vendor was informed early via email. A separate report via bugbounty was rejected with the reason "This is by design. The user is responsible for host security".
NVD CVSS 2.0: 3.5
NVD CVSS 3.1: 7.0
NVD CVSS 4.0: 2.0
Vulnerability type
CWE-287 Improper Authentication
CWE-306 Missing Authentication for Critical Function
Published: 25 Feb 2026 · Updated: 12 Mar 2026 · First seen: 6 Mar 2026