Skip to content

unencrypted seed phrases in leveldb file #16

Description

@azzsoft

Tested version: minter-console-0.6.2-portable-x64.exe
All seed phrases, which have been submitted in the login form are stored unencrypted in the following plain text file: <windows_drive>\Users<username>\AppData\Roaming\minter-console-web\Local Storage\leveldb\000003
Seed phrases are accumulated in this file and moreover are not being cleared after logging out.
This is a very critical vulnerability, which confuse users, as they think, the solution from minter team is secure.

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions