Beam Wallet Vulnerability Report

Beam Privacy

January 16th, 2019

On January 9th, 2019, at 08:20 PM GMT, a vulnerability was discovered in Beam Wallet.

The issue was discovered internally by the Beam Development Team and was not reported anywhere else.

The vulnerability would have allowed an attacker to create a modified transaction to any wallet listening on an active SBBS address and would have caused the wallet to send funds to the attacker's wallet.

The vulnerability was fixed the same day, and updated binaries were deployed to the website.

Users and partners were notified and required to upgrade their wallets.

To avoid disclosing the possible attack vectors, the fix was not committed to the open source repository at the time.

The source code was committed four days later as part of the next Beam Wallet update.

CVE ID: CVE-2019-6450

We encourage everyone to update their Wallet to the latest version.

If you find any kind of bug, issue or vulnerability, related to the one we face today or not, please reach us as soon as possible via email at security@beam.mw or submit an issue on GitHub.

Thanks for your patience and your understanding. With your help, Team Beam will continue to build a confidential, comprehensive and secure ecosystem.
