CVE-2022-32969
N/A
N/A
Summary
MetaMask before 10.11.3 might allow an attacker to access a user's secret recovery phrase because an input field is used for a BIP39 mnemonic, and Firefox and Chromium save such fields to disk in order to support the Restore Session feature, aka the Demonic issue.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- n/a
ADP Enrichment
CVE Program Container
Additional References
- https://github.com/MetaMask/metamask-extension/compare/v10.11.2…v10.11.3
- https://halborn.com/disclosures/demonic-vulnerability/
- https://halborn.com/halborn-discovers-critical-vulnerability-affecting-crypto-wallet-browser-extensions/
References
- https://github.com/MetaMask/metamask-extension/compare/v10.11.2…v10.11.3
- https://halborn.com/disclosures/demonic-vulnerability/
- https://halborn.com/halborn-discovers-critical-vulnerability-affecting-crypto-wallet-browser-extensions/
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.