From 93e70c590cfd7e90b54d31b59f1cbbdd23185c96 Mon Sep 17 00:00:00 2001 From: Amarantha Kulkarni Date: Mon, 28 Apr 2025 09:02:58 -0700 Subject: [PATCH] Fix timestamp under Discovery section --- blog/2025/vulnerabilitydisclosurereport-bug-apr2025.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/blog/2025/vulnerabilitydisclosurereport-bug-apr2025.md b/blog/2025/vulnerabilitydisclosurereport-bug-apr2025.md index 69faeb58e4..e1580ecd95 100644 --- a/blog/2025/vulnerabilitydisclosurereport-bug-apr2025.md +++ b/blog/2025/vulnerabilitydisclosurereport-bug-apr2025.md @@ -38,7 +38,7 @@ As of today, no downstream effects have been reported. Those that have installed ### Discovery -At 9:14 AM UTC on 22 Apr 2025, Ripple teams were alerted by a security researcher from Aikido Security about a breach in the `xrpl` package in the npmjs.com repository. The malicious package contained a function called `checkValidityOfSeed`, which triggers a call to the attacker’s domain to surreptitiously steal information used to assemble an XRPL private key. +At 8:14 AM UTC on 22 Apr 2025, Ripple teams were alerted by a security researcher from Aikido Security about a breach in the `xrpl` package in the npmjs.com repository. The malicious package contained a function called `checkValidityOfSeed`, which triggers a call to the attacker’s domain to surreptitiously steal information used to assemble an XRPL private key. Ripple and the XRPL Foundation began investigating the incident, and learned from the Aikido team that versions `4.2.1` through `4.2.4` (as well as `2.14.2`) were impacted. As part of this discovery process, Ripple engineering teams verified that malicious code was initially implemented within the functions `generate(algorithm = DEFAULT algorithm)` and `fromRFC1751Mnemonic(mnemonic, opts)`. This code was published in all cases directly into npm (bypassing all PR approval processes) using the same compromised user account. 
@@ -109,4 +109,4 @@ For more information or to report further issues, please contact the team at bug | Initial Discovery | April 22nd, 2025 08:14 UTC | Ripple alerted by an external security researcher about a breach in the `xrpl` package on npm. | | Mitigation Actions Taken | April 22nd, 2025 08:14 - 12:34 UTC | Affected npm packages were deprecated; new packages uploaded to prevent the compromise in new dependent software releases. | | Library Resolution Completed | April 22nd, 2025 12:34 UTC | The npm package vulnerability has been mitigated. | -| Additional Mitigation Actions | April 22nd, 2025 | Further remediation actions described above taken (e.g., CVE publishing, domain reporting, etc). | \ No newline at end of file +| Additional Mitigation Actions | April 22nd, 2025 | Further remediation actions described above taken (e.g., CVE publishing, domain reporting, etc). |
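Review bot: in the first hunk the corrected "8:14 AM UTC" now agrees with the "Initial Discovery" row in the timeline table ("April 22nd, 2025 08:14 UTC"), but the two locations still spell the same instant differently (12-hour with AM versus 24-hour); settle on one notation, preferably the table's `08:14 UTC`, so a reader comparing the narrative with the timeline does not have to convert. Also, the unchanged context in this hunk renders the first function as `generate(algorithm = DEFAULT algorithm)`, which is not a valid parameter default as written (a space inside the identifier); verify that signature against the actual xrpl.js source and correct it in a follow-up, since readers will use it to locate the injected code.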
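Review bot: the second hunk only adds the missing newline at end of file on the last table row; that is a harmless whitespace fix, but it is not covered by the subject "Fix timestamp under Discovery section". Either mention it in the commit message (e.g. "also add trailing newline") or drop it from this patch so the commit does exactly what its title says.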