Impact
Improper initialization of cryptographic parameters in the keystore.py encrypt function can cause the resulting encryption of keystore files to be insecure. Anyone who created multiple keystore files from a single execution of this tool or staking-deposit-cli (previously known as eth2-deposit-cli) with the new-mnemonic or existing-mnemonic commands is affected. Users of Wagyu Key Gen are affected in a similar manner. If multiple keystore files of a batch are leaked a malicious user may be able to obtain the keystore private keys without having access to the related keystore file password. For a low amount of leaked keystore files, this attack requires more computing power than most people have available. As the number of leaked keystore files increase from a single run of the deposit tools, this attack might become trivial.
Patches
This issue is resolved in ethstaker-deposit-cli version 0.6.0. It is also resolved in staking-deposit-cli version 2.8.0 and Wagyu Key Gen version 1.11.1.
Workarounds
There are a few ways to work around this issue:
- Creating one keystore file at a time during a single run of the tool
- Securing keystore files in all the medias they are used for
References
You can learn more about this issue on #238.
Credits
This issue was found by Trail of Bits during their security assessment of ethstaker-deposit-cli.
Impact
Improper initialization of cryptographic parameters in the
keystore.pyencryptfunction can cause the resulting encryption of keystore files to be insecure. Anyone who created multiple keystore files from a single execution of this tool or staking-deposit-cli (previously known as eth2-deposit-cli) with thenew-mnemonicorexisting-mnemoniccommands is affected. Users of Wagyu Key Gen are affected in a similar manner. If multiple keystore files of a batch are leaked a malicious user may be able to obtain the keystore private keys without having access to the related keystore file password. For a low amount of leaked keystore files, this attack requires more computing power than most people have available. As the number of leaked keystore files increase from a single run of the deposit tools, this attack might become trivial.Patches
This issue is resolved in ethstaker-deposit-cli version 0.6.0. It is also resolved in staking-deposit-cli version 2.8.0 and Wagyu Key Gen version 1.11.1.
Workarounds
There are a few ways to work around this issue:
References
You can learn more about this issue on #238.
Credits
This issue was found by Trail of Bits during their security assessment of ethstaker-deposit-cli.