Incorrectly configured EOS nodes …

Incorrectly configured EOS nodes …

Misconfigured EOS nodes can transfer private keys to the network

Attackers are scanning the Internet for EOS nodes that might be distributing their private keys due to a misconfigured API, writes Bleeping Computer.

As GreyNoise reported, the scan started on Tuesday and all suspicious activity comes from the IP address

The scanning began a few hours after the publication of the material by the Chinese company Qihoo 360, which reported a “series of grandiose vulnerabilities” in the EOS software, allowing remote code execution on nodes and causing a number of undesirable consequences, but the latest attack seems to be related to this message does not have.

However, it is directly related to a report published a week ago on GitHub, which refers to an issue in the EOS RPC API endpoint leading to the disclosure of private keys of EOS accounts..

According to a report on GitHub, there is no authentication system that protects the endpoint of this API, and information is transmitted to the network through the public interface of the EOS nodes..

Obviously, the organizer of the attack read the report on GitHub and is now trying to find nodes whose owners did not take the necessary measures to ensure their security..

Incorrectly configured EOS nodes ...

However, the situation is not as critical as it might seem. As reported by one of the EOS developers, this API endpoint is not a standard element of the EOS API and is only included in the wallet_plugin file. This plugin is used for testing, that is, in practice, a very small number of nodes will use it with a direct connection to the Internet, and, as a rule, it does not run on production nodes.

In any case, all EOS node owners who have not yet done so should disable the plugin on their worker nodes and use a different method to handle private keys..

Earlier, the EOS developers announced that they had fixed the vulnerability discovered by Qihoo 360, adding that it was not as serious as the Chinese company wrote about it..

Incorrectly configured EOS nodes ...

Similar articles