Patched: Indexofbitcoinwalletdat

| Attribute | Details |
|------|------|
| | CVE-2019-15947 |
| Affected version | Bitcoin Core 0.18.0 |
| Risk level | High (7.5/10 CVSS) |
| Vulnerability type | Information disclosure |

An "Index of" page occurs when a web server (such as Apache or Nginx) receives a request for a directory URL that lacks a default index file (like index.html). If directory listing is globally enabled, the server automatically generates a public web page indexing every file in that directory.

As Bitcoin continued to grow in popularity, the limitations of the indexofbitcoinwalletdat feature became apparent. Users began to experience issues with wallet performance, particularly when dealing with large numbers of transactions or addresses. In response, developers introduced patches to address these issues, which led to the creation of indexofbitcoinwalletdat patched.

Ensure the autoindex directive is set to off in your server block:

```nginx
location / {
    autoindex off;
}
```

2. Restrict File Access

Set restrictive permissions so only the Bitcoin process owner can read it.

```bash
chmod 600 wallet.dat
```

3. Implement .htaccess Blocks

To address the scalability issues associated with large wallet files, developers introduced the indexofbitcoinwalletdat feature. This innovation allowed for more efficient storage and retrieval of wallet data, enabling users to manage larger numbers of addresses and transactions. The indexofbitcoinwalletdat file served as an index, pointing to specific locations within the wallet.dat file, making it easier to access and update wallet data.

Never store wallet files on a machine that also acts as a public-facing web server.

Encryption:

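| Protective measure | Specific action | Priority |
|---------|---------|--------|
| | Back up wallet.dat to offline media (USB drive, cold storage device) | ⭐⭐⭐⭐⭐ |
| Strong password policy | Use a strong password of 20 or more characters that includes upper- and lowercase letters, digits, and symbols | ⭐⭐⭐⭐⭐ |
| Disable directory listing | Configure the web server to turn off directory browsing | ⭐⭐⭐⭐ |
| Regular upgrades | Update Bitcoin Core to the latest stable release promptly | ⭐⭐⭐⭐ |
| Disable core dumps | ulimit -c 0, or delete core files already generated | ⭐⭐⭐ |
| Firewall configuration | Open only the necessary ports and limit port exposure | ⭐⭐⭐ |
| Antivirus + firewall | Defend against malware that steals wallet files | ⭐⭐⭐ |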

If the file must remain on a server, explicitly deny all web requests to it.
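To check your own server against the steps above, the following added example (not from the original page) audits a document root for wallet files, flags permissions looser than `chmod 600`, marks directories that would be listed because they have no index file, and scans Nginx config text for `autoindex on;`. The function names, the index file names, and the sample web root and config are assumptions constructed for illustration.

```python
import os
import re
import stat
import tempfile

# Assumed default index names; match them to your server's index directive.
INDEX_FILES = {"index.html", "index.htm", "index.php"}

def autoindex_enabled(conf_text):
    """True if an uncommented 'autoindex on;' appears in Nginx config text."""
    for line in conf_text.splitlines():
        code = line.split("#", 1)[0]  # drop trailing comments
        if re.search(r"\bautoindex\s+on\s*;", code):
            return True
    return False

def audit_webroot(webroot, wallet_name="wallet.dat"):
    """Report wallet files under a document root and why each is at risk."""
    findings = []
    for dirpath, _dirs, files in os.walk(webroot):
        if wallet_name not in files:
            continue
        path = os.path.join(dirpath, wallet_name)
        mode = stat.S_IMODE(os.lstat(path).st_mode)
        findings.append({
            "path": path,
            "mode": oct(mode),
            # Any group/other bit means the file is looser than chmod 600.
            "too_permissive": bool(mode & 0o077),
            # No index file: the directory is listed when autoindex is on.
            "listable": not (INDEX_FILES & set(files)),
        })
    return findings

def demo():
    """Constructed sample: a throwaway web root holding one wallet file."""
    root = tempfile.mkdtemp()
    os.makedirs(os.path.join(root, "backup"))
    wallet = os.path.join(root, "backup", "wallet.dat")
    open(wallet, "wb").close()
    os.chmod(wallet, 0o644)
    conf = "server {\n  location / {\n    autoindex on;\n  }\n}\n"
    return autoindex_enabled(conf), audit_webroot(root)

if __name__ == "__main__":
    enabled, findings = demo()
    print("autoindex on:", enabled)
    for f in findings:
        print(f)
```

Any finding at all means a wallet file sits under the web root, which the guidance above says to avoid; the two flags show which of the remaining mitigations is also missing.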