CVE-2024-0676

CVSS 3.1 Score 7.1 of 10 (high)

Details

Published Jan 30, 2024

Updated: Feb 8, 2024

CWE ID 521

Summary

CVE-2024-0676 is a vulnerability affecting the Lamassu Bitcoin ATM Douro machines in their 7.1 version. This issue involves weak password requirements, allowing local users with access to the machine where the application is installed to interact with it. Malicious actors can retrieve stored hashes from the machine and use dictionary attacks to crack long, yet simple 4-character passwords. This vulnerability poses a significant risk to the security of Bitcoin transactions processed through the affected ATMs.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/uMGFqz
https://www.cve.org/CVERecord?id=CVE-2024-0676
https://nvd.nist.gov/vuln/detail/CVE-2024-0676

Back to Vulnerability Database

CVE-2024-0676

CVSS 3.1 Score 7.1 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations