Vulnerabilites related to profanity_project - profanity
Vulnerability from fkie_nvd
Published
2022-09-18 17:15
Modified
2024-11-21 07:22
Severity ?
Summary
profanity through 1.60 has only four billion possible RNG initializations. Thus, attackers can recover private keys from Ethereum vanity addresses and steal cryptocurrency, as exploited in the wild in June 2022.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://blog.1inch.io/a-vulnerability-disclosed-in-profanity-an-ethereum-vanity-address-tool-68ed7455fc8c | Third Party Advisory | |
| cve@mitre.org | https://github.com/johguse/profanity | Third Party Advisory | |
| cve@mitre.org | https://github.com/johguse/profanity/issues/61 | Issue Tracking, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://blog.1inch.io/a-vulnerability-disclosed-in-profanity-an-ethereum-vanity-address-tool-68ed7455fc8c | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/johguse/profanity | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/johguse/profanity/issues/61 | Issue Tracking, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| profanity_project | profanity | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:profanity_project:profanity:*:*:*:*:*:*:*:*",
"matchCriteriaId": "16E1CC96-F6AE-40E6-8DEE-1FAD971A615B",
"versionEndIncluding": "1.60",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "profanity through 1.60 has only four billion possible RNG initializations. Thus, attackers can recover private keys from Ethereum vanity addresses and steal cryptocurrency, as exploited in the wild in June 2022."
},
{
"lang": "es",
"value": "profanity versiones hasta 1.60, presenta s\u00f3lo cuatro mil millones de posibles inicializaciones del RNG. As\u00ed, los atacantes pueden recuperar las claves privadas de las direcciones de vanidad de Ethereum y robar criptomonedas, como fue explotado \"in the wild\" en junio de 2022"
}
],
"id": "CVE-2022-40769",
"lastModified": "2024-11-21T07:22:01.510",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-09-18T17:15:09.667",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://blog.1inch.io/a-vulnerability-disclosed-in-profanity-an-ethereum-vanity-address-tool-68ed7455fc8c"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/johguse/profanity"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://github.com/johguse/profanity/issues/61"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://blog.1inch.io/a-vulnerability-disclosed-in-profanity-an-ethereum-vanity-address-tool-68ed7455fc8c"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/johguse/profanity"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://github.com/johguse/profanity/issues/61"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-338"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-02-09 20:59
Modified
2025-04-20 01:37
Severity ?
Summary
An incorrect implementation of "XEP-0280: Message Carbons" in multiple XMPP clients allows a remote attacker to impersonate any user, including contacts, in the vulnerable application's display. This allows for various kinds of social engineering attacks. This CVE is for profanity (0.4.7 - 0.5.0).
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| profanity_project | profanity | 0.4.7 | |
| profanity_project | profanity | 0.4.7 | |
| profanity_project | profanity | 0.4.7 | |
| profanity_project | profanity | 0.4.7 | |
| profanity_project | profanity | 0.4.7 | |
| profanity_project | profanity | 0.5.0 | |
| profanity_project | profanity | 0.5.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:profanity_project:profanity:0.4.7:-:*:*:*:*:*:*",
"matchCriteriaId": "F4C9F9D7-C8EC-44E4-A55B-06A4AD0F03F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:profanity_project:profanity:0.4.7:cyg1:*:*:*:*:*:*",
"matchCriteriaId": "B3D0DE23-B7EE-4644-A9E8-7A97385132A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:profanity_project:profanity:0.4.7:cyg2:*:*:*:*:*:*",
"matchCriteriaId": "7610BDB4-D5C8-4333-BD4B-6ADF4EC7B421",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:profanity_project:profanity:0.4.7:cyg3:*:*:*:*:*:*",
"matchCriteriaId": "4F7A6765-DBEC-4984-B702-B798D72A665C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:profanity_project:profanity:0.4.7:patch1:*:*:*:*:*:*",
"matchCriteriaId": "0945DFD2-C235-4E44-BD50-1C1F9D1C15D8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:profanity_project:profanity:0.5.0:-:*:*:*:*:*:*",
"matchCriteriaId": "6639BA25-1467-462A-82DD-9E62103CC42E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:profanity_project:profanity:0.5.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "CF8A3688-A998-4619-B1BC-828DD5871A28",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An incorrect implementation of \"XEP-0280: Message Carbons\" in multiple XMPP clients allows a remote attacker to impersonate any user, including contacts, in the vulnerable application\u0027s display. This allows for various kinds of social engineering attacks. This CVE is for profanity (0.4.7 - 0.5.0)."
},
{
"lang": "es",
"value": "Una implementaci\u00f3n incorrecta de \"XEP-0280: Message Carbons\" en m\u00faltiples clientes XMPP permite a un atacante remoto personificar cualquier usuario, incluidos los contactos, en la pantalla de la aplicaci\u00f3n vulnerable. Esto permite varios tipos de ataques de ingenier\u00eda social. Esta CVE es para profanity (0.4.7 - 0.5.0)."
}
],
"id": "CVE-2017-5592",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-02-09T20:59:00.293",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "http://openwall.com/lists/oss-security/2017/02/09/29"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/96173"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "https://github.com/boothj5/profanity/commit/8e75437a7e43d4c55e861691f74892e666e29b0b"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Technical Description",
"Third Party Advisory"
],
"url": "https://rt-solutions.de/en/2017/02/CVE-2017-5589_xmpp_carbons/"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Technical Description",
"Third Party Advisory"
],
"url": "https://rt-solutions.de/wp-content/uploads/2017/02/CVE-2017-5589_xmpp_carbons.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "http://openwall.com/lists/oss-security/2017/02/09/29"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/96173"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://github.com/boothj5/profanity/commit/8e75437a7e43d4c55e861691f74892e666e29b0b"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Technical Description",
"Third Party Advisory"
],
"url": "https://rt-solutions.de/en/2017/02/CVE-2017-5589_xmpp_carbons/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Technical Description",
"Third Party Advisory"
],
"url": "https://rt-solutions.de/wp-content/uploads/2017/02/CVE-2017-5589_xmpp_carbons.pdf"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
},
{
"lang": "en",
"value": "CWE-346"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2022-40769 (GCVE-0-2022-40769)
Vulnerability from cvelistv5
Published
2022-09-18 16:01
Modified
2024-08-03 12:28
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
profanity through 1.60 has only four billion possible RNG initializations. Thus, attackers can recover private keys from Ethereum vanity addresses and steal cryptocurrency, as exploited in the wild in June 2022.
References
| ▼ | URL | Tags |
|---|---|---|
| https://blog.1inch.io/a-vulnerability-disclosed-in-profanity-an-ethereum-vanity-address-tool-68ed7455fc8c | x_refsource_MISC | |
| https://github.com/johguse/profanity | x_refsource_MISC | |
| https://github.com/johguse/profanity/issues/61 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T12:28:42.680Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://blog.1inch.io/a-vulnerability-disclosed-in-profanity-an-ethereum-vanity-address-tool-68ed7455fc8c"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/johguse/profanity"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/johguse/profanity/issues/61"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "profanity through 1.60 has only four billion possible RNG initializations. Thus, attackers can recover private keys from Ethereum vanity addresses and steal cryptocurrency, as exploited in the wild in June 2022."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-18T16:01:08",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://blog.1inch.io/a-vulnerability-disclosed-in-profanity-an-ethereum-vanity-address-tool-68ed7455fc8c"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/johguse/profanity"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/johguse/profanity/issues/61"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-40769",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "profanity through 1.60 has only four billion possible RNG initializations. Thus, attackers can recover private keys from Ethereum vanity addresses and steal cryptocurrency, as exploited in the wild in June 2022."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://blog.1inch.io/a-vulnerability-disclosed-in-profanity-an-ethereum-vanity-address-tool-68ed7455fc8c",
"refsource": "MISC",
"url": "https://blog.1inch.io/a-vulnerability-disclosed-in-profanity-an-ethereum-vanity-address-tool-68ed7455fc8c"
},
{
"name": "https://github.com/johguse/profanity",
"refsource": "MISC",
"url": "https://github.com/johguse/profanity"
},
{
"name": "https://github.com/johguse/profanity/issues/61",
"refsource": "MISC",
"url": "https://github.com/johguse/profanity/issues/61"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-40769",
"datePublished": "2022-09-18T16:01:08",
"dateReserved": "2022-09-18T00:00:00",
"dateUpdated": "2024-08-03T12:28:42.680Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-5592 (GCVE-0-2017-5592)
Vulnerability from cvelistv5
Published
2017-02-09 20:00
Modified
2024-08-05 15:04
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
An incorrect implementation of "XEP-0280: Message Carbons" in multiple XMPP clients allows a remote attacker to impersonate any user, including contacts, in the vulnerable application's display. This allows for various kinds of social engineering attacks. This CVE is for profanity (0.4.7 - 0.5.0).
References
| ▼ | URL | Tags |
|---|---|---|
| http://openwall.com/lists/oss-security/2017/02/09/29 | x_refsource_MISC | |
| http://www.securityfocus.com/bid/96173 | vdb-entry, x_refsource_BID | |
| https://github.com/boothj5/profanity/commit/8e75437a7e43d4c55e861691f74892e666e29b0b | x_refsource_MISC | |
| https://rt-solutions.de/en/2017/02/CVE-2017-5589_xmpp_carbons/ | x_refsource_MISC | |
| https://rt-solutions.de/wp-content/uploads/2017/02/CVE-2017-5589_xmpp_carbons.pdf | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T15:04:15.332Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2017/02/09/29"
},
{
"name": "96173",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/96173"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/boothj5/profanity/commit/8e75437a7e43d4c55e861691f74892e666e29b0b"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://rt-solutions.de/en/2017/02/CVE-2017-5589_xmpp_carbons/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://rt-solutions.de/wp-content/uploads/2017/02/CVE-2017-5589_xmpp_carbons.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-02-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An incorrect implementation of \"XEP-0280: Message Carbons\" in multiple XMPP clients allows a remote attacker to impersonate any user, including contacts, in the vulnerable application\u0027s display. This allows for various kinds of social engineering attacks. This CVE is for profanity (0.4.7 - 0.5.0)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-02-28T10:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://openwall.com/lists/oss-security/2017/02/09/29"
},
{
"name": "96173",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/96173"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/boothj5/profanity/commit/8e75437a7e43d4c55e861691f74892e666e29b0b"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://rt-solutions.de/en/2017/02/CVE-2017-5589_xmpp_carbons/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://rt-solutions.de/wp-content/uploads/2017/02/CVE-2017-5589_xmpp_carbons.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-5592",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An incorrect implementation of \"XEP-0280: Message Carbons\" in multiple XMPP clients allows a remote attacker to impersonate any user, including contacts, in the vulnerable application\u0027s display. This allows for various kinds of social engineering attacks. This CVE is for profanity (0.4.7 - 0.5.0)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://openwall.com/lists/oss-security/2017/02/09/29",
"refsource": "MISC",
"url": "http://openwall.com/lists/oss-security/2017/02/09/29"
},
{
"name": "96173",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96173"
},
{
"name": "https://github.com/boothj5/profanity/commit/8e75437a7e43d4c55e861691f74892e666e29b0b",
"refsource": "MISC",
"url": "https://github.com/boothj5/profanity/commit/8e75437a7e43d4c55e861691f74892e666e29b0b"
},
{
"name": "https://rt-solutions.de/en/2017/02/CVE-2017-5589_xmpp_carbons/",
"refsource": "MISC",
"url": "https://rt-solutions.de/en/2017/02/CVE-2017-5589_xmpp_carbons/"
},
{
"name": "https://rt-solutions.de/wp-content/uploads/2017/02/CVE-2017-5589_xmpp_carbons.pdf",
"refsource": "MISC",
"url": "https://rt-solutions.de/wp-content/uploads/2017/02/CVE-2017-5589_xmpp_carbons.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-5592",
"datePublished": "2017-02-09T20:00:00",
"dateReserved": "2017-01-25T00:00:00",
"dateUpdated": "2024-08-05T15:04:15.332Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}