Fix timestamp under Discovery section

This commit is contained in:
Amarantha Kulkarni
2025-04-28 09:02:58 -07:00
committed by GitHub
parent d10391f42b
commit 93e70c590c


@@ -38,7 +38,7 @@ As of today, no downstream effects have been reported. Those that have installed
### Discovery
At 9:14 AM UTC on 22 Apr 2025, Ripple teams were alerted by a security researcher from Aikido Security about a breach in the `xrpl` package in the npmjs.com repository. The malicious package contained a function called `checkValidityOfSeed`, which triggers a call to the attackers domain to surreptitiously steal information used to assemble an XRPL private key.
At 8:14 AM UTC on 22 Apr 2025, Ripple teams were alerted by a security researcher from Aikido Security about a breach in the `xrpl` package in the npmjs.com repository. The malicious package contained a function called `checkValidityOfSeed`, which triggers a call to the attackers domain to surreptitiously steal information used to assemble an XRPL private key.
Ripple and the XRPL Foundation began investigating the incident, and learned from the Aikido team that versions `4.2.1` through `4.2.4` (as well as `2.14.2`) were impacted. As part of this discovery process, Ripple engineering teams verified that malicious code was initially implemented within the functions `generate(algorithm = DEFAULT algorithm)` and `fromRFC1751Mnemonic(mnemonic, opts)`. This code was published in all cases directly into npm (bypassing all PR approval processes) using the same compromised user account.
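Review bot: The corrected discovery time of 8:14 AM UTC on 22 Apr 2025 now matches the "Initial Discovery" row of the timeline table further down (April 22nd, 2025 08:14 UTC), which is the right fix; while touching this sentence, the unchanged wording "a call to the attackers domain" should read "a call to the attacker's domain" (possessive apostrophe) so the prose is clean in the same pass.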
@@ -109,4 +109,4 @@ For more information or to report further issues, please contact the team at bug
| Initial Discovery | April 22nd, 2025 08:14 UTC | Ripple alerted by an external security researcher about a breach in the `xrpl` package on npm. |
| Mitigation Actions Taken | April 22nd, 2025 08:14 - 12:34 UTC | Affected npm packages were deprecated; new packages uploaded to prevent the compromise in new dependent software releases. |
| Library Resolution Completed | April 22nd, 2025 12:34 UTC | The npm package vulnerability has been mitigated. |
| Additional Mitigation Actions | April 22nd, 2025 | Further remediation actions described above taken (e.g., CVE publishing, domain reporting, etc). |
| Additional Mitigation Actions | April 22nd, 2025 | Further remediation actions described above taken (e.g., CVE publishing, domain reporting, etc). |
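Review bot: The removed and added lines of this hunk render identically, so the change must be whitespace-only (trailing whitespace or line ending) on the final "Additional Mitigation Actions" row; either mention it in the commit message or drop it so the commit stays scoped to the timestamp fix named in its title. The table rows left unchanged above are consistent with the first hunk: the "Initial Discovery" and "Mitigation Actions Taken" rows both start at 08:14 UTC, which the Discovery paragraph now agrees with.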