HomeEthereumSecurity Advisory

Security Advisory [Insecurely configured geth can make funds remotely accessible]

-


Insecurely configured Ethereum clients with no firewall and unlocked accounts can lead to funds being accessed remotely by attackers.

Affected configurations: Issue reported for Geth, though all implementations incl. C++ and Python can in principle display this behavior if used insecurely; only for nodes which leave the JSON-RPC port open to an attacker (this precludes most nodes on internal networks behind NAT), bind the interface to a public IP, and simultaneously leave accounts unlocked at startup.

Likelihood: Low

Severity: High

Impact: Loss of funds related to wallets imported or generated in clients

Details:

It’s come to our attention that some individuals have been bypassing the built-in security that has been placed on the JSON-RPC interface. The RPC interface allows you to send transactions from any account which has been unlocked prior to sending a transaction and will stay unlocked for the entirety of the the session.

By default, RPC is disabled, and by enabling it it is only accessible from the same host on which your Ethereum client is running. By opening the RPC to be accessed by anyone on the internet and not including a firewall rules, you open up your wallet to theft by anybody who knows your address in combination with your IP.

 

Effects on expected chain reorganisation depth: none

Remedial action taken by Ethereum: eth RC1 will be fully secure by requiring explicit user-authorisation for any potentially remote transaction. Later versions of Geth may support this functionality.

Proposed temporary workaround: Only run the default settings for each client and when you do make changes understand how these changes impact your security.

 

NOTE: This is not a bug, but a misuse of JSON-RPC.

 

ADVISORY: Never enable JSON-RPC interface on an internet-accessible machine without a firewall policy in place to block the JSON-RPC port (default: 8545).

 

eth: Use RC1 or later.

 

geth: Use the safe defaults, and know security implications of the options.

–rpcaddr  “127.0.0.1”. This is the default value to only allow connections originating on the local computer; remote RPC connections are disabled

–unlock. This parameter is used to unlock accounts at startup to aid in automation. By default, all accounts are locked



Source link

LEAVE A REPLY

Please enter your comment!
Please enter your name here

LATEST POSTS

Belgian Bank KBC Group To Launch Crypto Trading For Retail Investors

Key TakeawaysKBC Group will become the first Belgian bank to offer its customers access to cryptocurrency investments.The Belgian bank plans to launch crypto asset...

Flareonix Airdrop Is LIVE! Claim Your Share of 100M FXP Today!

Flareonix AI is a community-powered staking ecosystem designed to make earning in Web3 simple, fair, and rewarding for everyone. It combines decentralized staking, AI-optimized yield...

KAI Network Launches Mainnet to Power the AI Economy with On-chain Incentives

July 4, 2025 – The Mainnet That Changes EverythingThe AI revolution has a $400 billion problem: the people creating the value aren’t capturing it.The...

Japan Sets Global Example By Making XRP A Core Financial Standard

Key TakeawaysJapan has made XRP a core financial standard by integrating the token into its national economic infrastructure.SBI Holdings made a significant investment in...

Most Popular