Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1110 CNY

100%
Buy Us a Coffee

CVE-2020-6861 PoC — Ledger SAS Ledger Monero app 信息泄露漏洞

Source
https://github.com/ph4r05/ledger-app-monero-1.42-vuln
Associated Vulnerability
Title:Ledger SAS Ledger Monero app 信息泄露漏洞 (CVE-2020-6861)
Description:A flawed protocol design in the Ledger Monero app before 1.5.1 for Ledger Nano and Ledger S devices allows a local attacker to extract the master spending key by sending crafted messages to this app selected on a PIN-entered Ledger connected to a host PC.
Description
PoC repository for CVE-2020-6861: Ledger Monero App Spend key Extraction
Readme
# CVE-2020-6861: Ledger Monero App Spend key Extraction

PoC repository for article:

[https://deadcode.me/blog/2020/04/25/Ledger-Monero-app-spend-key-extraction.html](https://deadcode.me/blog/2020/04/25/Ledger-Monero-app-spend-key-extraction.html)
File Snapshot

 [4.0K]  /data/pocs/1ab4098d45102d116f737122cc4c352f5019ee95
├── [2.3K]  building_app.md
├── [1.6K]  ledger-bounty.asc
├── [ 18K]  ledger_monero_vuln02.md
├── [9.4K]  ledger_monero_vulnerability_disclosure.md
├── [5.2K]  ledger_report_ph4r05.md.asc
├── [1.8K]  poc.ipynb
├── [2.3K]  poc_math.sage
├── [ 11K]  poc.py
├── [ 516]  poc_sim.py
└── [ 252]  README.md

0 directories, 10 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →