:: [Libbitcoin] CVE-2023-39910
Top Page
Delete this message
Reply to this message
Author: eric
Date:  
To: libbitcoin
Subject: [Libbitcoin] CVE-2023-39910
The following CVE has been published in relation to BX.

https://nvd.nist.gov/vuln/detail/CVE-2023-39910

Libbitcoin developers have:

* Removed the `seed` command from version3 (and master).
* Tagged a new 3.8.0 release (without the command).
* Replaced `bx seed` with `echo [user entropy]` in certain documentation
examples.
* Removed precompiled binaries for previous bx versions.
* Submitted the two items of feedback below to MITRE (CVE maintainers).
* Posted this notice to the libbitcoin Slack and mailing list.

----------------------------------------------------------------------------
------

The libbitcoin open source team rejects the implication that the issue is of
"bad cryptography" and accepts that people may have used the command in a
manner not intended (and warned against). Consequently we have simply
removed the command in updated version 3.8.0. All examples in the provided
documentation have been updated to replace `bx seed` with `echo [user
entropy]`. Precompiled binaries of older versions previously available for
download have been removed. As such there is no longer any potential for the
command to be misused in the current release.

https://github.com/libbitcoin/libbitcoin-explorer/releases/tag/v3.8.0
https://github.com/libbitcoin/libbitcoin-explorer/wiki/bx-hd-new#example-4
https://github.com/libbitcoin/libbitcoin-explorer/wiki/Download-BX

----------------------------------------------------------------------------
------

>From the CVE Description:


"...NOTE: the vendor's position is that there was sufficient documentation
advising against "bx seed" but others disagree."

The question is not of "sufficiency", but intent. The bx 3.x `seed` command
was not intended for live wallet use. The warning against it is even
referenced in the "Milk Sad" article. The fact that some people appear to
have used the command for live wallet seeding implies that documentation may
have been "insufficient", however it is ultimately impossible to force
people to read, understand and respect documentation. In fact we have been
advised by the authors of this CVE that the two parties identified in their
research did not even read the documentation for the `seed` command - they
assumed its behavior.

It is a design goal that users provide entropy on the command line (or by
parameter to any API that requires it), which is why the command is not
necessary. It was provided as a convenient way to obtain properly formatted
and sized (length, not strength) pseudo entropy for the vast majority of use
cases. bx demonstrates C++ calling conventions and usage of many of the APIs
exposed by the 9 other libraries, tying those calls to real-world scenarios
in order to provide context and therefore better understanding of what are
often difficult topics. bx is not a wallet - manual creation of live wallets
using the "development toolkit" requires significant expertise and caution
and is not advised.

Suggested description:

"The Bitcoin developer toolkit utility application Libbitcoin Explorer (bx)
provides a pseudo entropy command not intended for live cryptocurrency
wallet seeding, yet analysis implies that some users may have not heeded
warnings against such use. This allows remote attackers to recover any
wallet private keys generated from "bx seed" entropy output and steal funds.
(Affected users need to move funds to a secure new cryptocurrency wallet.)
NOTE: this was exploited in the wild in June and July 2023."

https://github.com/libbitcoin/libbitcoin-explorer/wiki/Random-Numbers
https://github.com/libbitcoin/libbitcoin-explorer/wiki/bx-cert-new
https://github.com/libbitcoin/libbitcoin-explorer/wiki/bx-seed

----------------------------------------------------------------------------
------