Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
NVD Vulnerability Details :
CVE-2023-31290
Modified
More InfoOfficial Page
Source-cve@mitre.org
View Known Exploited Vulnerability (KEV) details
Published At-27 Apr, 2023 | 05:15
Updated At-30 Jan, 2025 | 21:15

Trust Wallet Core before 3.1.1, as used in the Trust Wallet browser extension before 0.0.183, allows theft of funds because the entropy is 32 bits, as exploited in the wild in December 2022 and March 2023. This occurs because the mt19937 Mersenne Twister takes a single 32-bit value as an input seed, resulting in only four billion possible mnemonics. The affected versions of the browser extension are 0.0.172 through 0.0.182. To steal funds efficiently, an attacker can identify all Ethereum addresses created since the 0.0.172 release, and check whether they are Ethereum addresses that could have been created by this extension. To respond to the risk, affected users need to upgrade the product version and also move funds to a new wallet address.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.15.9MEDIUM
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
Secondary3.15.9MEDIUM
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
Type: Primary
Version: 3.1
Base score: 5.9
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
Type: Secondary
Version: 3.1
Base score: 5.9
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
CPE Matches
trustwallet
trustwallet
>>trust_wallet_browser_extension>>Versions from 0.0.172(inclusive) to 0.0.183(exclusive)
cpe:2.3:a:trustwallet:trust_wallet_browser_extension:*:*:*:*:*:*:*:*
trustwallet
trustwallet
>>trust_wallet_core>>Versions before 3.1.1(exclusive)
cpe:2.3:a:trustwallet:trust_wallet_core:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-338Primarynvd@nist.gov
CWE-338Secondary134c704f-9b21-4f2e-91b3-4a467353bcc0
CWE ID: CWE-338
Type: Primary
Source: nvd@nist.gov
CWE ID: CWE-338
Type: Secondary
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://blog.ledger.com/Funds-of-every-wallet-created-with-the-Trust-Wallet-browser-extension-could-have-been-stolen/cve@mitre.org
Exploit
Third Party Advisory
https://community.trustwallet.com/t/browser-extension-wasm-vulnerability-postmortem/750787cve@mitre.org
Vendor Advisory
https://community.trustwallet.com/t/wasm-vulnerability-incident-update-and-recommended-actions/750786cve@mitre.org
Vendor Advisory
https://github.com/trustwallet/wallet-core/compare/3.1.0...3.1.1cve@mitre.org
Patch
https://twitter.com/TrustWallet/status/1649699428733947906cve@mitre.org
Third Party Advisory
https://blog.ledger.com/Funds-of-every-wallet-created-with-the-Trust-Wallet-browser-extension-could-have-been-stolen/af854a3a-2127-422b-91ae-364da2661108
Exploit
Third Party Advisory
https://community.trustwallet.com/t/browser-extension-wasm-vulnerability-postmortem/750787af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
https://community.trustwallet.com/t/wasm-vulnerability-incident-update-and-recommended-actions/750786af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
https://github.com/trustwallet/wallet-core/compare/3.1.0...3.1.1af854a3a-2127-422b-91ae-364da2661108
Patch
https://twitter.com/TrustWallet/status/1649699428733947906af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Hyperlink: https://blog.ledger.com/Funds-of-every-wallet-created-with-the-Trust-Wallet-browser-extension-could-have-been-stolen/
Source: cve@mitre.org
Resource:
Exploit
Third Party Advisory
Hyperlink: https://community.trustwallet.com/t/browser-extension-wasm-vulnerability-postmortem/750787
Source: cve@mitre.org
Resource:
Vendor Advisory
Hyperlink: https://community.trustwallet.com/t/wasm-vulnerability-incident-update-and-recommended-actions/750786
Source: cve@mitre.org
Resource:
Vendor Advisory
Hyperlink: https://github.com/trustwallet/wallet-core/compare/3.1.0...3.1.1
Source: cve@mitre.org
Resource:
Patch
Hyperlink: https://twitter.com/TrustWallet/status/1649699428733947906
Source: cve@mitre.org
Resource:
Third Party Advisory
Hyperlink: https://blog.ledger.com/Funds-of-every-wallet-created-with-the-Trust-Wallet-browser-extension-could-have-been-stolen/
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Exploit
Third Party Advisory
Hyperlink: https://community.trustwallet.com/t/browser-extension-wasm-vulnerability-postmortem/750787
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: https://community.trustwallet.com/t/wasm-vulnerability-incident-update-and-recommended-actions/750786
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: https://github.com/trustwallet/wallet-core/compare/3.1.0...3.1.1
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Patch
Hyperlink: https://twitter.com/TrustWallet/status/1649699428733947906
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Change History
0Changes found
Details not found