An error in all implementations of Zcash and most of its forks allows you to reveal the IP address of the full node to which the protected address belongs (zaddr).

Komodo developer Jonathan Leto said on the blog that the bug has existed since the Zcash protocol release and is present in all branches of the source code. The vulnerability allows metadata leakage, including the IP addresses of nodes, which “strongly contradicts” the principles of Zcash development.

According to the report, the vulnerability could affect anyone who published their secure address or provided it to a third party.

A detected error will not lead to data leakage if the user only sent funds to other zaddr but did not receive it. It eliminates the value of IP address disclosure for attackers using the Tor browser, Komodo developer recalled.

Summer brought a complete list of affected coins: Zcash (ZEC), Hush (HUSH), Pirate (ARRR), Horizen (ZEN), Zero (ZER), VoteCoin (VOT), Snowgem (XSG), BitcoinZ (BTCZ), LitecoinZ ( LTZ), Zelcash (ZEL), Ycash (YEC), Arrow (ARW), Verus (VRSC), Bitcoin Private (BTCP), ZClassic (ZCL), Anon (ANON) and all Komodo smart chains (KMD). He recalled that KMD had historically had zaddr, but the feature was subsequently disabled.





Source link

Register at Binance

Vulnerability To Be Found In Zcash Implementations
Vulnerability To Be Found In Zcash Implementations
Vulnerability To Be Found In Zcash Implementations
Vulnerability To Be Found In Zcash Implementations

Vulnerability To Be Found In Zcash Implementations

Vulnerability To Be Found In Zcash Implementations