An insecurely configured Ethereum client without a firewall and with unlocked accounts could allow an attacker to remotely access your funds.
Configurations affected: All implementations are included, but this is a reported issue for Geth. C++ and Python can in principle exhibit this behavior when used insecurely. This is only possible for nodes that have a JSON-RPC port open to an attacker (except most nodes on the internal network behind a NAT), bind the interface to a public IP, and at the same time leave the account unlocked at startup.
What could happen: low
Severity: High
effect: Loss of funds associated with wallets imported or created by the Client
Details:
It has been discovered that some individuals are circumventing security features built into the JSON-RPC interface. The RPC interface allows you to send a transaction from any account that is unlocked before sending the transaction and remains unlocked for the entire session.
By default, RPC is disabled and when enabled, it can only be accessed from the same host where the Ethereum client is running. If you don’t include firewall rules and open your RPC to anyone on the internet, your wallet could be stolen by someone who knows your IP and address.
Impact on expected chain reorganization depth: doesn’t exist
Corrective Actions Taken by Ethereum: eth RC1 is completely secure by requiring explicit user authentication for potential remote transactions. Newer versions of Geth may support this feature.
Suggested workaround: Run only the default settings for each client and understand how those changes affect security when you change them.
Note: This is not a bug, but a misuse of JSON-RPC.
Advisory: Do not enable the JSON-RPC interface on systems with access to the Internet without a firewall policy blocking the JSON-RPC port (default: 8545).
S: Please use RC1 or higher.
Geth: Use safe defaults and understand the security implications of your options.
–rpcaddr “127.0.0.1”. This is the default, allowing only connections originating from the local computer. Remote RPC connections are disabled.
–release. This parameter is used to unlock the account at startup to aid automation. By default, all accounts are locked.