| Field | Value |
|---|---|
| Title | NutzBoot project NutzBoot NutzBoot 2.6.0-SNAPSHOT Information Disclosure (Wallet password leakage) |
| Description | The Web3j demo module exposes /web3j/local/accounts without any authentication and serializes the entire Web3jAccount object, including the password property. As a result, any remote caller can retrieve the cleartext passphrases for every configured Ethereum account. |
| Source | https://github.com/Xzzz111/exps/blob/main/archives/nutzboot-InfoLeak-1/report.md |
| User | sh7err03 (UID 92418) |
| Submission | 11/10/2025 11:04 (7 months ago) |
| Moderation | 11/30/2025 15:13 (20 days later) |
| Status | Accepted |
| VulDB entry | 333814 [nutzam NutzBoot up to 2.6.0-SNAPSHOT Ethereum Wallet EthModule.java information disclosure] |
| Points | 17 |