CVE-2023-31290 : What You Need to Know
Trust Wallet Core before 3.1.1 allows theft of funds due to low entropy, enabling malicious actors to exploit mnemonics. Upgrade versions and move funds to new addresses for protection.
Trust Wallet Core before 3.1.1, as used in the Trust Wallet browser extension before 0.0.183, allows theft of funds due to low entropy, which has been exploited in the wild. The vulnerability arises from the limited possibilities of mnemonics generation, facilitating fund theft by identifying specific Ethereum addresses. Affected users are advised to upgrade the product version and move funds to a new wallet address.
Understanding CVE-2023-31290
This section delves into the details of the CVE-2023-31290 vulnerability in Trust Wallet Core.
What is CVE-2023-31290?
CVE-2023-31290 pertains to Trust Wallet Core before version 3.1.1 and the Trust Wallet browser extension prior to version 0.0.183, where a lack of entropy leads to the theft of funds.
The Impact of CVE-2023-31290
The exploit of this vulnerability allows malicious actors to efficiently steal funds by leveraging the limited possibilities in mnemonic generation.
Technical Details of CVE-2023-31290
This section provides further technical insights into the vulnerability.
Vulnerability Description
The vulnerability stems from Trust Wallet Core using a 32-bit value as an input seed for the mt19937 Mersenne Twister, resulting in only four billion possible mnemonics.
Affected Systems and Versions
The affected versions of the Trust Wallet browser extension range from 0.0.172 to 0.0.182.
Exploitation Mechanism
To conduct fund theft, attackers can identify Ethereum addresses created since the 0.0.172 release and determine if they match those generated using the extension.
Mitigation and Prevention
In response to CVE-2023-31290, users are urged to take immediate action and adopt long-term security measures.
Immediate Steps to Take
Affected users should promptly upgrade their Trust Wallet Core to version 3.1.1 and the browser extension to version 0.0.183. Additionally, moving funds to a new wallet address is recommended.
Long-Term Security Practices
To enhance security, users are encouraged to follow best practices such as regularly updating software, securing private keys, and exercising caution when interacting with cryptocurrency wallets.
Patching and Updates
Users should stay vigilant for security updates from Trust Wallet and apply patches promptly to safeguard against potential vulnerabilities.