Home > Vulnerability Database > CVE-2022-40769

Mend.io Vulnerability Database

CVE-2022-40769

Date: September 18, 2022

profanity through 1.60 has only four billion possible RNG initializations. Thus, attackers can recover private keys from Ethereum vanity addresses and steal cryptocurrency, as exploited in the wild in June 2022.

Language: C++

Severity Score

7.5

Related Resources (5)

Url: https://blog.1inch.io/a-vulnerability-disclosed-in-profanity-an-ethereum-vanity-address-tool-68ed7455fc8c

Url: https://github.com/johguse/profanity

Url: https://nvd.nist.gov/vuln/detail/CVE-2022-40769

Url: https://github.com/johguse/profanity/issues/61

Url: https://www.mend.io/vulnerability-database/CVE-2022-40769

Severity Score

7.5

Weakness Type (CWE)

Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)

CWE-338

CVSS v3.1

Base Score:	7.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	NONE
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2022-40769

Date: September 18, 2022

Language: C++

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?