Security Advisory [Insecurely configured geth can make funds remotely accessible]

Insecurely configured Ethereum clients with no firewall and unlocked accounts can allow remote attackers to access funds.

Affected configurations: The issue was reported with geth, but all implementations (the C++ and Python clients included) can in principle exhibit this behaviour if used insecurely. It only applies to nodes which have the JSON-RPC port open to attackers (this excludes most nodes behind NAT on internal networks), AND which have the RPC interface bound to a public IP, AND which have accounts unlocked at startup. All three conditions must hold; a node that keeps its accounts locked cannot be made to sign transactions over RPC.

Likelihood: Low

Severity: High

Impact: Loss of funds associated with wallets imported or generated on the client.

Details:

It has been discovered that some individuals have bypassed the built-in security of the JSON-RPC interface. The RPC interface allows a transaction to be submitted from any account that was unlocked before the transaction was submitted and remains unlocked for the duration of the session; the interface itself performs no authentication, so the unlock state is the only thing standing between a caller and the account's funds.

By default, RPC is disabled, and when enabled it can only be accessed from the same host the Ethereum client is running on. If you have not put a firewall rule in place and have opened RPC for anyone on the internet to access, your wallet could be stolen by anyone who knows your IP address and account address combination.

Effect on expected chain reorganisation depth: None

Remedial action taken by Ethereum: eth RC1 is secure by default, since it requires explicit user authorisation for potentially remote transactions. Future versions of geth may support this feature.

Proposed temporary workaround: Run each client with its default settings only, and if you change them, understand the security implications of the changes.

Note: This is not a bug, but a misuse of JSON-RPC.

Advice: Never enable the JSON-RPC interface on an internet-accessible machine unless you have a firewall policy in place that blocks the JSON-RPC port (default: 8545).

eth: Please use RC1 or later.

geth: Use safe defaults and understand the security implications of your options.

--rpcaddr "127.0.0.1". This is the default value, which only allows connections from the local machine; remote RPC connections are disabled. Binding to 0.0.0.0 or to a public address makes the interface reachable from every host that can reach the port.

--unlock. This parameter unlocks accounts at startup to help automation. By default, all accounts are locked, and a locked account cannot be used to sign transactions over RPC.
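The following is an added example, not part of this advisory, of geth or of the Ethereum project. It turns the advice above (firewall the port, keep the default --rpcaddr binding, avoid --unlock on exposed nodes) into two checks a node operator can run: one audits a geth command line for the three-way combination the advisory describes, the other reads an `ss -tln` socket listing and reports whether the RPC port is bound to anything other than loopback. Flag names and defaults (127.0.0.1, port 8545) are the ones the advisory quotes; the sample command lines and socket table are constructed here.

```shell
#!/bin/sh
# Added example for this advisory; not geth code or part of the Ethereum
# project. Flag names and defaults come from the advisory; the sample
# inputs at the bottom are constructed.

# audit_geth_cmdline ARGS...
#   Prints a verdict and returns:
#     0  safe: RPC disabled, or bound to loopback only
#     2  RPC reachable remotely but no account unlocked (nobody can sign
#        remotely, but the node is still exposed and should be rebound)
#     1  RPC reachable remotely AND accounts unlocked: funds at risk
audit_geth_cmdline() {
  rpc=0
  rpcaddr="127.0.0.1"   # geth default binding
  rpcport=8545          # geth default port
  unlock=0
  prev=""
  for arg in "$@"; do
    # value given as a separate word, e.g. "--rpcaddr 0.0.0.0"
    case "$prev" in
      --rpcaddr) rpcaddr="$arg" ;;
      --rpcport) rpcport="$arg" ;;
    esac
    case "$arg" in
      --rpc)               rpc=1 ;;
      --rpcaddr=*)         rpcaddr="${arg#--rpcaddr=}" ;;
      --rpcport=*)         rpcport="${arg#--rpcport=}" ;;
      --unlock|--unlock=*) unlock=1 ;;
    esac
    prev="$arg"
  done

  if [ "$rpc" -eq 0 ]; then
    echo "OK: JSON-RPC disabled (the default)"
    return 0
  fi
  case "$rpcaddr" in
    127.0.0.1|localhost|::1)
      echo "OK: JSON-RPC on $rpcaddr:$rpcport is reachable from this host only"
      return 0 ;;
  esac
  if [ "$unlock" -eq 0 ]; then
    echo "WARN: JSON-RPC on $rpcaddr:$rpcport is reachable remotely; accounts are locked so remote signing fails, but rebind to 127.0.0.1 or firewall port $rpcport"
    return 2
  fi
  echo "INSECURE: JSON-RPC on $rpcaddr:$rpcport is reachable remotely AND accounts are unlocked; anyone who reaches the port can spend from them"
  return 1
}

# check_listeners PORT
#   Reads 'ss -tln' style lines on stdin (State Recv-Q Send-Q Local:Port ...)
#   and returns 1 if PORT is bound to a non-loopback address, 0 otherwise.
check_listeners() {
  port="$1"
  exposed=0
  while read -r state recvq sendq laddr rest; do
    case "$laddr" in
      *:"$port")
        case "$laddr" in
          127.0.0.1:*|\[::1\]:*) ;;                      # loopback: fine
          *) echo "EXPOSED: port $port bound on $laddr"; exposed=1 ;;
        esac ;;
    esac
  done
  return "$exposed"
}

# Demonstration on constructed inputs. The exit status is the verdict;
# "|| true" only keeps the demo going after a failing check.
audit_geth_cmdline --rpc --unlock 0                     || true   # default binding: OK
audit_geth_cmdline --rpc --rpcaddr 0.0.0.0 --unlock 0   || true   # INSECURE
printf '%s\n' \
  'State  Recv-Q Send-Q Local Address:Port Peer Address:Port' \
  'LISTEN 0      128    127.0.0.1:8545     0.0.0.0:*' \
  'LISTEN 0      128    [::]:8545          [::]:*' \
  | check_listeners 8545 || true                                  # reports the [::] binding
```

On a live node, `ss -tln | check_listeners 8545` performs the second check against real sockets; the IPv6 wildcard `[::]` case in the sample is there because a node rebound on IPv4 only can still be reachable over IPv6.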
