5.9

CVE-2018-12885

Exploit

EPSS 0.43%
Veröffentlicht 07.08.2018 15:29:00
Zuletzt bearbeitet 21.11.2024 03:46:02
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

The randMod() function of the smart contract implementation for MyCryptoChamp, an Ethereum game, generates a random value with publicly readable variables such as the current block information and a private variable, (which can be read with a getStorageAt call). Therefore, attackers can get powerful champs/items and get rewards.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 6

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Mycryptochamp ≫ Mycryptochamp Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.43%	0.62

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.9	2.2	3.6	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
nvd@nist.gov	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:P/I:N/A:N

CWE-338 Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)

The product uses a Pseudo-Random Number Generator (PRNG) in a security context, but the PRNG's algorithm is not cryptographically strong.

https://etherscan.io/address/0x689FB61845488297dfE7586E5f7956475955d2Dc

Third Party Advisory

https://etherscan.io/address/0xa44e464b13280340904ffef0a65b8a0033460430

Third Party Advisory

https://medium.com/coinmonks/get-legendary-items-by-breaking-pnrg-of-mycyptochamp-an-ethereum-online-game-cve-2018-12855-6e6beb41b8df

Third Party Advisory

Exploit

https://nvd.nist.gov/vuln/detail/CVE-2018-12885

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2018-12885

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2018-12885

EUVD