Security Alert – Insecurely configured geth can make funds remotely accessible
Posted by Jutta Steiner on August 29th, 2015.
Insecurely configured geth with no firewall and unlocked accounts can lead to funds being accessed remotely by attackers
Affected implementation: Issue reported for geth, though all implementations, including C++ and Python, can in principle display this behavior if used insecurely; it affects only nodes which leave the JSONRPC port open to an attacker (this precludes most nodes on internal networks behind NAT).
Impact: Loss of funds related to wallets imported or generated in clients
Details: The RPC allows you to send transactions from any account which has been unlocked prior to sending a transaction; an unlocked account stays unlocked for the entirety of the session. By default, RPC is accessible only from the same host on which geth is running. By opening the RPC to be accessed by anyone on the internet and not including firewall rules, you open up your wallet to theft by anybody who knows your address in combination with your IP.
Effects on expected chain reorganisation depth: none
Remedial action taken by Ethereum: eth RC1 will be fully secure by requiring explicit user-authorisation for any potentially remote transaction. Later versions of geth may support this functionality.
Proposed temporary workaround: Ensure you have a firewall in place on the JSONRPC port (default 8545) to prevent attackers from using the RPC.
Alternative, secondary workaround: Never unlock any accounts.
Alternative workaround (geth only): Do not use the --rpccorsdomain option.
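
An added example (not part of the original advisory and not Ethereum project code): a Python check that audits a geth command line against the three workarounds above. The flags --rpc, --rpcaddr, --rpcport and --unlock are legacy geth 1.x names that do not appear on this page and are assumed here; the sample command lines are constructed.

```python
import ipaddress
import shlex

# Only --rpccorsdomain is named in the advisory; the other legacy geth 1.x
# flag names below are assumptions about how the audited node is started.
VALUE_FLAGS = {"--rpcaddr", "--rpcport", "--rpccorsdomain", "--unlock"}

def parse_flags(cmdline):
    """Map flags to values; accepts -flag/--flag and 'flag value'/'flag=value'."""
    tokens, flags, i = shlex.split(cmdline), {}, 0
    while i < len(tokens):
        name, sep, value = tokens[i].partition("=")
        if name.startswith("-"):
            name = "--" + name.lstrip("-")
            if not sep and name in VALUE_FLAGS and i + 1 < len(tokens):
                i += 1
                value = tokens[i]
            flags[name] = value
        i += 1
    return flags

def is_loopback(addr):
    if addr == "localhost":
        return True
    try:
        return ipaddress.ip_address(addr).is_loopback
    except ValueError:
        return False  # unresolved hostname: treat as reachable from outside

def audit(cmdline):
    """Return (code, message) findings for one geth command line."""
    flags, findings = parse_flags(cmdline), []
    if "--rpc" not in flags:
        return findings  # JSON-RPC server not enabled
    addr = flags.get("--rpcaddr", "127.0.0.1")  # default: same host only
    port = flags.get("--rpcport", "8545")       # default port per the advisory
    if not is_loopback(addr):
        findings.append(("RPC_EXPOSED", f"RPC listens on {addr}:{port}; firewall it"))
    if "--unlock" in flags:
        findings.append(("ACCOUNT_UNLOCKED", "account unlocked for the whole session"))
    if "--rpccorsdomain" in flags:
        findings.append(("CORS_SET", "--rpccorsdomain is set; the advisory says not to use it"))
    return findings

if __name__ == "__main__":
    # Constructed sample command lines, not taken from the advisory.
    for cmd in ("geth --rpc", "geth --rpc --rpcaddr 0.0.0.0 --unlock 0 --rpccorsdomain '*'"):
        print(cmd, "->", [code for code, _ in audit(cmd)] or "no findings")
```

An account unlocked later from the console does not show up on the command line, so an empty result does not replace the firewall rule on the JSONRPC port.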
For updates, please refer to this blog post: https://blog.ethereum.org/2015/08/29/security-alert-insecurely-configured-geth-can-make-funds-remotely-accessible/